PatchSiren

CVE-2026-5119 Red Hat CVE debrief

CVE-2026-5119 describes a cleartext transmission issue in libsoup during HTTPS tunneling through an HTTP proxy. In the initial HTTP CONNECT request, sensitive session cookies may be exposed before the tunnel is established. A network-positioned attacker or a malicious proxy could intercept those cookies and potentially reuse them for session hijacking or user impersonation.

Vendor: Red Hat
Product: CVE-2026-5119
CVSS: MEDIUM 5.9
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-30
Original CVE updated: 2026-05-11
Advisory published: 2026-03-30
Advisory updated: 2026-05-11

Who should care

Operators and developers who use libsoup behind HTTP proxies, especially in environments where HTTPS traffic is tunneled through a proxy and session cookies are present. Red Hat Enterprise Linux deployments with affected libsoup packages should review the linked advisories.

Technical summary

The NVD record and Red Hat references describe a CWE-319 weakness: sensitive cookies are transmitted in cleartext in the initial proxy CONNECT request used to establish an HTTPS tunnel. The CVSS v3.1 vector is AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N, reflecting network reachability, high attack complexity, no required privileges, required user interaction, high confidentiality impact, and low integrity impact. The issue is relevant wherever libsoup is configured to use an HTTP proxy for HTTPS connections.
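
A defensive check for the exposure described above, as an added example that is not part of the original debrief or of libsoup: it scans the cleartext start of client-to-proxy TCP streams and reports any CONNECT request that carries a Cookie header. It assumes those stream prefixes have already been extracted from a capture; the function names, hosts and cookie values are constructed for illustration.

```python
# Added example: flag proxy CONNECT requests that carry a Cookie header.
# Input is the cleartext start of each client-to-proxy TCP stream.

def parse_head(stream: bytes):
    """Return (method, target, headers) for the request head, or None."""
    head, sep, _ = stream.partition(b"\r\n\r\n")
    if not sep:
        return None  # head incomplete, nothing to judge
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None  # not an HTTP request line
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers.append((name.strip().lower(), value.strip()))
    return parts[0], parts[1], headers


def connect_cookie_exposures(streams):
    """Return [(tunnel target, [cookie names])] for CONNECTs that carry cookies."""
    findings = []
    for stream in streams:
        parsed = parse_head(stream)
        if parsed is None or parsed[0] != "CONNECT":
            continue  # cookies on non-CONNECT requests are outside this check
        _, target, headers = parsed
        # Report names only, so the finding does not repeat the secret values.
        names = [pair.split("=", 1)[0].strip()
                 for name, value in headers if name == "cookie"
                 for pair in value.split(";") if pair.strip()]
        if names:
            findings.append((target, names))
    return findings


# Constructed sample streams (hosts and cookie values are made up).
SAMPLE_STREAMS = [
    b"CONNECT app.example.test:443 HTTP/1.1\r\nHost: app.example.test:443\r\n"
    b"cookie: sessionid=CONSTRUCTED; theme=dark\r\n\r\n\x16\x03\x01",
    b"CONNECT cdn.example.test:443 HTTP/1.1\r\nHost: cdn.example.test:443\r\n\r\n",
    b"GET http://plain.example.test/ HTTP/1.1\r\nCookie: a=b\r\n\r\n",
    b"CONNECT cut.example.test:443 HTTP/1.1\r\nCookie: x=1",
]

if __name__ == "__main__":
    for target, names in connect_cookie_exposures(SAMPLE_STREAMS):
        print(f"cookie in CONNECT to {target}: {', '.join(names)}")
```

Any finding means the named cookies crossed the client-to-proxy hop outside the TLS tunnel and should be handled as the recommended actions describe.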

Defensive priority

Medium overall based on the 5.9 CVSS score, but higher priority if your environment uses HTTP proxies for HTTPS and relies on session cookies. Focus on proxy-heavy deployments, shared networks, and any system where cookie exposure could lead to account compromise.

Recommended defensive actions

  • Review whether any applications or systems use libsoup with an HTTP proxy for HTTPS tunneling.
  • Apply the relevant Red Hat advisories referenced in the NVD record: RHSA-2026:13978, RHSA-2026:14087, and RHSA-2026:15968.
  • Check the Red Hat CVE page and Bugzilla reference for package-specific remediation guidance.
  • Reduce exposure by avoiding unnecessary HTTP proxy use for sensitive HTTPS sessions where feasible.
  • Treat intercepted session cookies as compromised if proxy-side or network interception is suspected.

Evidence notes

Derived from the supplied NVD record and Red Hat-linked references only. Key evidence includes the CVE description, CVSS vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N, weakness CWE-319, and the Red Hat advisory links embedded in the source item. No additional facts were inferred beyond the provided corpus.

Official resources

CVE published 2026-03-30 and modified 2026-05-11. No KEV date was provided in the supplied corpus.