CVE-2026-1539 is a vulnerability discovered in the libsoup HTTP library, which is widely used in Red Hat Enterprise Linux 10 for HTTP communication. The issue arises during the handling of HTTP redirects: when a request is redirected to a different host, libsoup correctly removes the Authorization header to prevent credential leakage, but it fails to remove the Proxy-Authorization header. This oversight causes the proxy authentication credentials contained in the Proxy-Authorization header to be sent to the redirected host, which may be an unintended third-party server. As a result, sensitive proxy credentials can be exposed to potentially malicious actors. This vulnerability does not require any user interaction or prior authentication, making it easier to exploit remotely. The flaw impacts confidentiality by leaking sensitive proxy credentials but does not affect integrity or availability. The CVSS 3.1 base score is 5.8 (medium severity), reflecting the network attack vector, low attack complexity, no privileges required, no user interaction, and a scope change due to credentials being sent outside the original trust boundary. No known public exploits have been reported yet, but the risk remains significant for environments using libsoup with proxy authentication. The vulnerability primarily affects applications and services built on Red Hat Enterprise Linux 10 that rely on libsoup for HTTP requests involving proxy authentication and redirects.

The primary impact of CVE-2026-1539 is the unintended disclosure of proxy authentication credentials to third-party servers during HTTP redirects. This can lead to unauthorized access to proxy services, allowing attackers to potentially intercept or manipulate network traffic routed through the compromised proxy. Organizations using proxy authentication with libsoup-based applications may face increased risk of credential theft, which could facilitate further attacks such as man-in-the-middle, data interception, or lateral movement within internal networks. The confidentiality of proxy credentials is compromised, but the vulnerability does not directly affect data integrity or system availability. The scope of affected systems includes any application or service on Red Hat Enterprise Linux 10 that uses libsoup for HTTP communication with proxy authentication enabled. Given the widespread use of Red Hat Enterprise Linux in enterprise environments, this vulnerability could impact a broad range of organizations, especially those relying on proxy infrastructure for secure internet access or internal network segmentation.

To mitigate CVE-2026-1539, organizations should prioritize applying official patches or updates from Red Hat that address the libsoup library's handling of Proxy-Authorization headers during HTTP redirects. If patches are not immediately available, consider the following specific mitigations: 1) Disable or avoid using proxy authentication in libsoup-dependent applications where feasible, especially in scenarios involving HTTP redirects across different hosts. 2) Implement network-level controls to restrict outbound HTTP redirects or monitor for suspicious redirect behavior that could lead to credential leakage. 3) Use alternative HTTP libraries that correctly handle proxy authentication headers during redirects until the vulnerability is patched. 4) Audit and rotate proxy credentials regularly to minimize the impact of potential credential exposure. 5) Employ strict proxy access controls and logging to detect and respond to unauthorized proxy usage. 6) Educate developers and system administrators about the risks of proxy credential leakage and encourage secure coding and configuration practices regarding HTTP redirects and authentication headers.