CVE-2026-3099 is a vulnerability identified in the Libsoup library, specifically affecting the server-side digest authentication mechanism implemented in the SoupAuthDomainDigest class. Digest authentication is designed to provide a challenge-response mechanism that protects credentials by using nonces and nonce-counts to prevent replay attacks. However, this flaw arises because the implementation does not properly track issued nonces nor enforce the incrementing nonce-count (nc) attribute as required by the digest authentication protocol. As a result, an attacker who captures a single valid authentication header can replay it repeatedly to gain unauthorized access. This replay attack effectively bypasses authentication controls, allowing the attacker to impersonate legitimate users and access protected resources. The vulnerability affects Red Hat Enterprise Linux 10 systems that utilize Libsoup for HTTP client-server communications involving digest authentication. The CVSS v3.1 base score is 5.8, reflecting a medium severity level due to the network attack vector, required user interaction, and the need for high attack complexity. The scope is changed (S:C) because the vulnerability can affect resources beyond the initial component. Confidentiality, integrity, and availability impacts are all rated low but present. No known exploits have been reported in the wild at the time of publication. The vulnerability was publicly disclosed on March 12, 2026, and no patches or mitigations were listed in the provided data, indicating the need for prompt vendor response and user vigilance.

The primary impact of CVE-2026-3099 is unauthorized access to protected resources through replay attacks on digest authentication. This can lead to impersonation of legitimate users, potentially exposing sensitive data and allowing unauthorized actions within affected systems. Confidentiality is compromised as attackers can access information intended only for authenticated users. Integrity may be affected if attackers perform unauthorized modifications under the guise of legitimate users. Availability impact is possible if attackers disrupt services by repeated authentication attempts or misuse of access. Organizations relying on Red Hat Enterprise Linux 10 with services that use Libsoup digest authentication are at risk, especially if these services protect critical or sensitive resources. The medium severity score reflects that exploitation requires capturing valid authentication headers and some user interaction, limiting ease of exploitation but not eliminating risk. The lack of known exploits currently reduces immediate threat but does not preclude future attacks. Overall, the vulnerability poses a moderate risk to organizational security posture, particularly in environments with high-value targets or sensitive data.

To mitigate CVE-2026-3099, organizations should: 1) Monitor Red Hat and Libsoup vendor advisories closely for patches or updates addressing this vulnerability and apply them promptly once available. 2) Implement network-level protections such as restricting access to services using digest authentication to trusted networks or VPNs to reduce exposure. 3) Employ additional authentication layers or multi-factor authentication where possible to reduce reliance on digest authentication alone. 4) Enable detailed logging and monitoring of authentication attempts to detect repeated or suspicious replay activity. 5) Consider disabling or replacing digest authentication with more secure protocols like OAuth or TLS client certificates if feasible. 6) Conduct regular security assessments and penetration tests focusing on authentication mechanisms to identify potential weaknesses. 7) Educate users and administrators about the risks of replay attacks and the importance of safeguarding authentication tokens and headers. These steps go beyond generic advice by focusing on compensating controls and proactive detection until patches are available.