CVE-2026-3099: Reusing a Nonce, Key Pair in Encryption in Red Hat Red Hat Enterprise Linux 10
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.
AI Analysis
Technical Summary
The vulnerability in Red Hat Enterprise Linux 10 involves the Libsoup library's SoupAuthDomainDigest class, which fails to correctly manage nonces and nonce-count values in digest authentication. This improper handling enables replay attacks where an attacker can reuse a captured authentication header to gain unauthorized access. The issue affects server-side digest authentication and compromises authentication integrity by allowing impersonation of legitimate users.
Potential Impact
An attacker who captures a single valid authentication header can replay it repeatedly to bypass authentication controls, gaining unauthorized access to protected resources. This compromises confidentiality and integrity by allowing impersonation of legitimate users. The CVSS score of 5.8 indicates a medium impact with potential limited confidentiality, integrity, and availability effects.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-3099 for current remediation guidance. Until an official fix is available, consider restricting access to affected services and monitoring for suspicious authentication attempts. Do not assume the vulnerability is mitigated without vendor confirmation.
CVE-2026-3099: Reusing a Nonce, Key Pair in Encryption in Red Hat Red Hat Enterprise Linux 10
Description
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.
CVSS v3.1
Score 5.8medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in Red Hat Enterprise Linux 10 involves the Libsoup library's SoupAuthDomainDigest class, which fails to correctly manage nonces and nonce-count values in digest authentication. This improper handling enables replay attacks where an attacker can reuse a captured authentication header to gain unauthorized access. The issue affects server-side digest authentication and compromises authentication integrity by allowing impersonation of legitimate users.
Potential Impact
An attacker who captures a single valid authentication header can replay it repeatedly to bypass authentication controls, gaining unauthorized access to protected resources. This compromises confidentiality and integrity by allowing impersonation of legitimate users. The CVSS score of 5.8 indicates a medium impact with potential limited confidentiality, integrity, and availability effects.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-3099 for current remediation guidance. Until an official fix is available, consider restricting access to affected services and monitoring for suspicious authentication attempts. Do not assume the vulnerability is mitigated without vendor confirmation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-02-24T07:37:48.680Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-3099","vendor":"Red Hat"}]
Threat ID: 69b2ca582f860ef943997cd8
Added to database: 3/12/2026, 2:14:48 PM
Last enriched: 5/5/2026, 2:10:26 AM
Last updated: 6/12/2026, 2:24:52 PM
Views: 186
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.