CVE-2026-5119: Cleartext Transmission of Sensitive Information in Red Hat Red Hat Enterprise Linux 10
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
AI Analysis
Technical Summary
The vulnerability CVE-2026-5119 affects the libsoup HTTP client and server library in Red Hat Enterprise Linux 8 and 9. When HTTPS tunnels are established through an HTTP proxy, sensitive session cookies are sent in cleartext in the initial HTTP CONNECT request. This cleartext transmission can be intercepted by attackers positioned on the network or by malicious HTTP proxies, exposing session cookies and enabling potential session hijacking or user impersonation. Red Hat has issued security advisories RHSA-2026:13978 and RHSA-2026:14087 providing updated libsoup packages that fix this information disclosure flaw.
Potential Impact
The vulnerability leads to the disclosure of sensitive session cookies during HTTPS tunnel establishment via an HTTP proxy. This exposure can allow attackers with network access or control over the HTTP proxy to intercept session cookies, potentially enabling session hijacking or user impersonation. The CVSS score of 5.9 reflects a moderate impact with high confidentiality impact, low integrity impact, and no availability impact.
Mitigation Recommendations
Red Hat has released official security updates for libsoup in Red Hat Enterprise Linux 8 and 9 that address CVE-2026-5119. Users should apply these updates promptly to remediate the vulnerability. Detailed update instructions are available at https://access.redhat.com/articles/11258. Since this is an official fix, applying the vendor-provided patches is the recommended mitigation. No additional mitigation steps are specified by the vendor advisory.
CVE-2026-5119: Cleartext Transmission of Sensitive Information in Red Hat Red Hat Enterprise Linux 10
Description
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-5119 affects the libsoup HTTP client and server library in Red Hat Enterprise Linux 8 and 9. When HTTPS tunnels are established through an HTTP proxy, sensitive session cookies are sent in cleartext in the initial HTTP CONNECT request. This cleartext transmission can be intercepted by attackers positioned on the network or by malicious HTTP proxies, exposing session cookies and enabling potential session hijacking or user impersonation. Red Hat has issued security advisories RHSA-2026:13978 and RHSA-2026:14087 providing updated libsoup packages that fix this information disclosure flaw.
Potential Impact
The vulnerability leads to the disclosure of sensitive session cookies during HTTPS tunnel establishment via an HTTP proxy. This exposure can allow attackers with network access or control over the HTTP proxy to intercept session cookies, potentially enabling session hijacking or user impersonation. The CVSS score of 5.9 reflects a moderate impact with high confidentiality impact, low integrity impact, and no availability impact.
Mitigation Recommendations
Red Hat has released official security updates for libsoup in Red Hat Enterprise Linux 8 and 9 that address CVE-2026-5119. Users should apply these updates promptly to remediate the vulnerability. Detailed update instructions are available at https://access.redhat.com/articles/11258. Since this is an official fix, applying the vendor-provided patches is the recommended mitigation. No additional mitigation steps are specified by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-03-30T05:13:41.920Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/errata/RHSA-2026:13978","vendor":"Red Hat"},{"url":"https://access.redhat.com/errata/RHSA-2026:14087","vendor":"Red Hat"},{"url":"https://access.redhat.com/security/cve/CVE-2026-5119","vendor":"Red Hat"}]
Threat ID: 69ca16d5e6bfc5ba1dd8ea87
Added to database: 3/30/2026, 6:23:17 AM
Last enriched: 5/14/2026, 3:26:17 AM
Last updated: 5/14/2026, 4:32:03 PM
Views: 99
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.