CVE-2026-5119
MED 5.9A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
Affected Applications in Environment
15
libsoup
v2.72.0-10.el9_6.2
22 devices
libsoup
v2.72.0-10.el9_6.2
1 device
libsoup
v2.72.0-12.el9_7.5
2 devices
libsoup
v2.62.3-7.el8_10
1 device
libsoup
v2.72.0-12.el9_7.3
1 device
libsoup
v2.62.3-3.el8
2 devices
libsoup
v2.72.0-12.el9_7.1
3 devices
libsoup
v2.62.3-7.el8_10
1 device
libsoup
v2.62.3-10.el8_10
1 device
libsoup
v2.62.3-10.el8_10
1 device
libsoup
v2.72.0-10.el9_6.3
1 device
libsoup
v2.62.2-2.el7
1 device
libsoup
v2.62.3-13.el8_10
1 device
libsoup
v2.62.3-11.el8_10
1 device
libsoup
v2.72.0-12.el9_7.5
1 device
Affected Devices
40
chela03
Linux
chela04
Linux
chela05
Linux
devjobsub.banner.usu.edu
Linux
dpapsb-161390.aggies.usu.edu
Linux
dpapsb-191594.mypc.usu.edu
Linux
el103-02.ece.usu.edu
Linux
el103-03.ece.usu.edu
Linux
el103-04.ece.usu.edu
Linux
el103-05.ece.usu.edu
Linux
el103-07.ece.usu.edu
Linux
el103-08.ece.usu.edu
Linux
el103-09.ece.usu.edu
Linux
el103-10.ece.usu.edu
Linux
el103-14.ece.usu.edu
Linux
el103-15.ece.usu.edu
Linux
el103-16.ece.usu.edu
Linux
el103-17.ece.usu.edu
Linux
el103-18.ece.usu.edu
Linux
el103-19.ece.usu.edu
Linux
el103-20.ece.usu.edu
Linux
el120-01.ece.usu.edu
Linux
el120-02.ece.usu.edu
Linux
el120-03.ece.usu.edu
Linux
el120-04.ece.usu.edu
Linux
el120-05.ece.usu.edu
Linux
el120-06.ece.usu.edu
Linux
el120-08.ece.usu.edu
Linux
el120-09.ece.usu.edu
Linux
el120-10.ece.usu.edu
Linux
el120-11.ece.usu.edu
Linux
el120-12.ece.usu.edu
Linux
el120-14.ece.usu.edu
Linux
eprocdev.banner.usu.edu
Linux
facreadyprod.pplant.usu.edu
Linux
facreadytestrhel.pplant.usu.edu
Linux
facshibsp2.pplant.usu.edu
Linux
guru.cluster
Linux
oms.db.usu.edu
Linux
paymentworksdev.banner.usu.edu
Linux