CVE-2026-5119

Severity
8.2 HIGH
EPSS
0.0%
top 97.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Mar 30

Description

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
Exploitability: 1.6 | Impact: 4.2

Affected Packages: 0 packages

Also affects: Enterprise Linux 10.0, 7.0, 8.0, 9.0

Vulnerability Details

3
OSV
CVE-2026-5119: A flaw was found in libsoup (2026-03-30)
CVEList
Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment (2026-03-30)
GHSA
GHSA-j666-j6hj-fpc7: A flaw was found in libsoup (2026-03-30)

Vendor Advisories

2
Red Hat
libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment (2026-03-30)
Debian
CVE-2026-5119: libsoup2.4 - A flaw was found in libsoup. When establishing HTTPS tunnels through a configure... (2026)

๐Ÿ•ต๏ธThreat Intelligence

1
Wiz
CVE-2026-5119 Impact, Exploitability, and Mitigation Steps | Wiz