ByteOS Network

NVD Vulnerability Details :

CVE-2026-1539

Analyzed

Source-secalert@redhat.com

Published At-28 Jan, 2026 | 16:16

Updated At-25 Mar, 2026 | 14:08

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Primary	3.1	5.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 5.8

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Type: Primary

Version: 3.1

Base score: 5.8

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-201	Secondary	secalert@redhat.com

CWE ID: CWE-201

Type: Secondary

Source: secalert@redhat.com

References

Hyperlink	Source	Resource
https://access.redhat.com/security/cve/CVE-2026-1539	secalert@redhat.com	Third Party Advisory
https://gitlab.gnome.org/GNOME/libsoup/-/issues/489	secalert@redhat.com	Issue Tracking Vendor Advisory

Hyperlink: https://access.redhat.com/security/cve/CVE-2026-1539

Source: secalert@redhat.com

Resource:

Third Party Advisory

Hyperlink: https://gitlab.gnome.org/GNOME/libsoup/-/issues/489

Source: secalert@redhat.com

Resource:

Issue Tracking

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History