CVE-2026-1539

CWE-2019 documents8 sources
Severity
5.8MEDIUM
EPSS
0.1%
top 81.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Enterprise Linux
Timeline
PublishedJan 28
Latest updateFeb 8

Description

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

Debianlibsoup3< 3.6.5-8
Ubuntulibsoup3< 3.4.4-5ubuntu0.7+2

Also affects: Enterprise Linux 10.0, 6.0, 7.0, 8.0, 9.0

🔴Vulnerability Details

4
OSV
libsoup3 vulnerabilities2026-02-08
OSV
CVE-2026-1539: A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations2026-01-28
GHSA
GHSA-wj9p-f539-2mhr: A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations2026-01-28
CVEList
Libsoup: libsoup: credential leakage via http redirects2026-01-28

📋Vendor Advisories

3
Ubuntu
libsoup vulnerabilities2026-02-08
Red Hat
CVE-2026-1539: A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations2026-01-28
Debian
CVE-2026-1539: libsoup2.4 - A flaw was found in the libsoup HTTP library that can cause proxy authentication...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-1539 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-1539 (MEDIUM CVSS 5.8) | A flaw was found in the libsoup HTT | cvebase.io