Vulnerability Description
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.
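A minimal model of the redirect handling described above, added here as an illustration; it is not libsoup's code. The struct and function names, the hosts and the credential values are all constructed for the example.

```c
#include <ctype.h>
#include <stdio.h>

struct header  { const char *name, *value; };
struct request { const char *host; struct header hdrs[8]; int n; };

/* Header names and host names compare case-insensitively. */
static int ieq(const char *a, const char *b) {
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == *b;
}

static int has_header(const struct request *r, const char *name) {
    for (int i = 0; i < r->n; i++) if (ieq(r->hdrs[i].name, name)) return 1;
    return 0;
}

static void drop_header(struct request *r, const char *name) {
    int kept = 0;
    for (int i = 0; i < r->n; i++)
        if (!ieq(r->hdrs[i].name, name)) r->hdrs[kept++] = r->hdrs[i];
    r->n = kept;
}

/* strip_proxy = 0 models the behaviour the advisory describes; 1 is the hardened form. */
static void follow_redirect(struct request *r, const char *new_host, int strip_proxy) {
    if (!ieq(r->host, new_host)) {          /* redirect leaves the original host */
        drop_header(r, "Authorization");
        if (strip_proxy) drop_header(r, "Proxy-Authorization");
    }
    r->host = new_host;
}

/* Constructed sample request; host and credential values are placeholders. */
static struct request sample_request(void) {
    struct request r = { "origin.example", {
        { "Accept", "*/*" }, { "Authorization", "Basic PLACEHOLDER" },
        { "Proxy-Authorization", "Basic PLACEHOLDER" } }, 3 };
    return r;
}

int main(void) {
    struct request a = sample_request(), b = sample_request();
    follow_redirect(&a, "other.example", 0);
    follow_redirect(&b, "other.example", 1);
    printf("Proxy-Authorization after redirect: flawed=%d hardened=%d\n",
           has_header(&a, "Proxy-Authorization"), has_header(&b, "Proxy-Authorization"));
    return 0;
}
```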
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Libsoup | - |
| Redhat | Enterprise Linux | 6.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2026-1539 (Third Party Advisory)
- https://gitlab.gnome.org/GNOME/libsoup/-/issues/489 (Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2026-1539?
CVE-2026-1539 is a vulnerability with a CVSS score of 5.8 (MEDIUM). A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization head...
How severe is CVE-2026-1539?
CVE-2026-1539 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2026-1539?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Libsoup, Redhat Enterprise Linux.