CVE-2026-3099

Name of the Vulnerable Software and Affected Versions Libsoup (affected versions not specified)

Description The server-side digest authentication implementation within the SoupAuthDomainDigest class does not correctly manage issued nonces or enforce the necessary incremental nonce-count (nc) attribute. This allows a remote attacker to capture a single valid authentication header and replay it multiple times, bypassing authentication and gaining unauthorized access to protected resources while impersonating a legitimate user. A nonce is a random or pseudo-random value used to prevent replay attacks. The nc attribute is a counter that must increment with each authentication attempt to ensure the validity of the request.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.