CVE-2026-1539 is a vulnerability discovered in the libsoup HTTP library, which is widely used in Red Hat Enterprise Linux 10 for handling HTTP communications. The issue arises during the handling of HTTP redirects: while libsoup correctly removes the Authorization header when redirecting to a different host, it fails to remove the Proxy-Authorization header. This oversight causes proxy authentication credentials to be inadvertently sent to unintended third-party servers during HTTP redirection. Since proxy credentials often grant access to internal networks or sensitive resources, their exposure can lead to unauthorized access or further attacks. The vulnerability has a CVSS 3.1 base score of 5.8 (medium severity), indicating a network attack vector with low complexity, no privileges or user interaction required, and a confidentiality impact. The scope is changed because the credentials leak outside the intended security boundary. No integrity or availability impacts are noted. Although no known exploits are currently reported in the wild, the flaw represents a significant risk for applications relying on libsoup for HTTP proxy authentication, especially in environments where sensitive proxy credentials are used. The vulnerability affects all applications using vulnerable versions of libsoup on Red Hat Enterprise Linux 10, potentially exposing proxy credentials during HTTP redirects to malicious or compromised servers.

For European organizations, the leakage of proxy authentication credentials can have serious consequences. Proxy credentials often provide access to internal networks or sensitive resources, so their exposure could allow attackers to bypass network controls, access confidential information, or pivot within the network. This risk is heightened in environments where proxy authentication is used extensively for controlling outbound traffic or enforcing security policies. Confidentiality is directly impacted, as sensitive credentials may be disclosed to external entities. Although the vulnerability does not affect system integrity or availability, the compromise of proxy credentials can facilitate further attacks that may lead to data breaches or lateral movement. Organizations in sectors such as finance, government, telecommunications, and critical infrastructure that rely on Red Hat Enterprise Linux 10 and libsoup for HTTP communications are particularly at risk. The absence of known exploits in the wild provides a window for proactive mitigation before attackers can weaponize this vulnerability.

To mitigate CVE-2026-1539, organizations should prioritize updating libsoup to a patched version provided by Red Hat as soon as it becomes available. In the interim, administrators should audit and monitor HTTP traffic for unusual proxy-authorization header transmissions, especially during redirects. Application developers using libsoup should review their HTTP redirect handling logic to ensure proxy credentials are not forwarded to untrusted hosts. Network-level controls can be implemented to restrict outbound traffic to known and trusted destinations, reducing the risk of credential exposure. Additionally, organizations should consider rotating proxy credentials regularly and employing multi-factor authentication for proxy access where possible. Logging and alerting on proxy authentication failures or anomalies can help detect potential exploitation attempts. Finally, educating developers and system administrators about the risks of improper header handling during HTTP redirects can prevent similar issues in the future.