CVE-2026-1539

CVSS v3.1

5.8

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions libsoup (affected versions not specified)

Description An issue exists in the libsoup HTTP library where proxy authentication credentials can be sent to unintended destinations. This occurs because, during HTTP redirects to a different host, the library removes the Authorization header but fails to remove the Proxy-Authorization header. Consequently, sensitive proxy authentication data may be exposed to third-party servers. Applications utilizing libsoup for HTTP communication are potentially affected.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-201

Related Identifiers

BDU:2026-05123

CVE-2026-1539

OESA-2026-2337

OESA-2026-2338

OESA-2026-2339

OPENSUSE-SU-2026:10276-1

OPENSUSE-SU-2026:10291-1

OPENSUSE-SU-2026:20354-1

OPENSUSE-SU-2026:20384-1

SUSE-SU-2026:0788-1

SUSE-SU-2026:0792-1

SUSE-SU-2026:0796-1

SUSE-SU-2026:0811-1

SUSE-SU-2026:0833-1

SUSE-SU-2026:0834-1

SUSE-SU-2026:20649-1

SUSE-SU-2026:20727-1

SUSE-SU-2026:20752-1

SUSE-SU-2026:20902-1

USN-8020-1

Affected Products

Linuxmint

Ubuntu

Libsoup

CVE-2026-1539

Weakness Enumeration

Related Identifiers

Affected Products

References · 86