Zero Day MonitorZDM

← Back to list

5.9

CVE-2026-5119EXPLOITED

red hat · red hat enterprise linux

Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment

Description

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.

Affected Products

Vendor	Product	Versions
red hat	red hat enterprise linux	—

References

https://access.redhat.com/security/cve/CVE-2026-5119(vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2452932(issue-tracking, x_refsource_REDHAT)
https://gitlab.gnome.org/GNOME/libsoup/-/issues/502

Related News (1 articles)

Tier C

VulDB10h ago

CVE-2026-5119 | GNOME libsoup HTTP Proxy cleartext transmission

→ No new info (linked only)

CVSS 3.15.9 NONE

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-319

Published3/30/2026

Last enriched10h agov2

Trending Score38

Source articles1

Independent1

Info Completeness7/14

Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-1961EXP

Forman: foreman: remote code execution via command injection in websocket proxy

HIGHCVE-2026-28369EXP

Undertow: undertow: request smuggling via malformed http request headers

HIGHCVE-2026-28367EXP

Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator

NONECVE-2026-5165EXP

Virtio-win: virtio-win: memory corruption via use-after-free in virtio blk device reset

NONECVE-2026-4948EXP

Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Mar 30, 2026

Discovered by ZDM

Mar 30, 2026

Updated: severity, activelyExploited

Mar 30, 2026

Actively Exploited

Mar 30, 2026

Version History

v2

Last enriched 10h ago

v2Tier C10h ago

Updated vendor to GNOME, changed severity to HIGH, and marked the vulnerability as actively exploited.

severityactivelyExploited

via VulDB

v112h ago

Initial creation