CVE-2026-1539 is a vulnerability identified in the libsoup HTTP library, which is commonly used in Red Hat Enterprise Linux 10 for handling HTTP communications. The issue arises during HTTP redirect handling, where the library correctly removes the Authorization header to prevent credential leakage but fails to remove the Proxy-Authorization header when the redirect points to a different host. This oversight allows proxy authentication credentials to be inadvertently sent to unintended third-party servers. Since proxy credentials often grant access to internal or restricted network resources, their exposure can lead to unauthorized access or further exploitation. The vulnerability does not require any privileges or user interaction to exploit, making it accessible remotely over the network. The CVSS 3.1 score of 5.8 reflects a medium severity, indicating a moderate risk primarily due to the potential confidentiality impact and the ease of exploitation. No known exploits have been reported in the wild as of the publication date. The vulnerability affects any application or service on Red Hat Enterprise Linux 10 that uses libsoup for HTTP requests involving proxy authentication and redirects. This includes various system components and third-party applications relying on libsoup for HTTP proxy communication. The flaw highlights the importance of correctly handling all authentication headers during redirects to prevent sensitive information leakage.

The primary impact of CVE-2026-1539 is the potential leakage of proxy authentication credentials to unintended external servers. This can compromise the confidentiality of sensitive proxy credentials, which may allow attackers to impersonate legitimate users or services to access internal networks or resources. Organizations using Red Hat Enterprise Linux 10 with libsoup-based applications that perform HTTP requests through proxies are at risk. The exposure of proxy credentials could facilitate lateral movement within corporate networks, data exfiltration, or further exploitation of internal systems. Although the vulnerability does not affect system integrity or availability directly, the confidentiality breach can lead to significant security incidents, especially in environments relying heavily on proxy authentication for network segmentation and access control. The risk is heightened in environments where redirects to external hosts are common or where proxy credentials have broad access privileges. Since exploitation requires no authentication or user interaction, attackers can remotely trigger the vulnerability, increasing its threat potential.

To mitigate CVE-2026-1539, organizations should apply patches or updates provided by Red Hat for libsoup and Red Hat Enterprise Linux 10 as soon as they become available. In the absence of patches, administrators should audit and restrict HTTP redirect behavior in applications using libsoup, particularly those involving proxy authentication. Configuring proxies to limit credential scope and privileges can reduce potential damage if credentials are leaked. Network monitoring should be enhanced to detect unusual outbound HTTP requests carrying proxy credentials. Additionally, developers should review and update application code to ensure that all authentication headers, including Proxy-Authorization, are properly cleared during HTTP redirects. Employing network segmentation and strict access controls around proxy servers can further limit the impact of credential leakage. Finally, consider using alternative HTTP libraries or proxy authentication mechanisms that do not expose credentials during redirects until a fix is applied.