PT-2026-28762 · Red Hat · Red Hat Enterprise Linux 10+4
Published
2026-03-30
·
Updated
2026-03-30
·
CVE-2026-5119
CVSS v3.1
5.9
Medium
| AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N |
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
Fix
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9