← Voltar para CVEs
CVE-2026-1539
MEDIUM5.8
Descricao
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.
Detalhes CVE
Pontuacao CVSS v3.15.8
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado1/28/2026
Ultima modificacao3/25/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
gnome:libsoupredhat:enterprise_linux
Fraquezas (CWE)
CWE-201
Referencias
https://access.redhat.com/security/cve/CVE-2026-1539(secalert@redhat.com)
https://gitlab.gnome.org/GNOME/libsoup/-/issues/489(secalert@redhat.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.