CVE-2026-5119 · A flaw was found in libsoup.

01 · The Real Story

This is less a front-door break-in than a receptionist reading your sealed envelope before handing it to the courier

CVE-2026-5119 is a cleartext cookie leak in libsoup's HTTP CONNECT handling. When a libsoup-based client establishes an HTTPS tunnel through a configured HTTP proxy, some sensitive cookies can ride along in the initial CONNECT request before the TLS tunnel is up, exposing them to the proxy or any attacker who can observe that proxy hop. The issue was disclosed on 2026-03-30 and affects both the libsoup 2.x and 3.x lines shipped by major Linux vendors until their distro backports landed; examples of patched builds include RHEL/OL 8 libsoup-2.62.3-14.el8_10, RHEL/OL 9 libsoup-2.72.0-12.el9_7.6, and RHEL/OL 10 libsoup3-3.6.5-3.el10_1.11.

The vendor's MEDIUM 5.9 is technically fair, but in enterprise patch triage this lands lower because the attack path is heavily gated. The attacker does not get unauthenticated internet reachability to a server; they need a victim using a libsoup-based client, a configured HTTP proxy, proxied HTTPS traffic, and either control of that proxy or visibility on the client-to-proxy leg. That is a real confidentiality problem for session-bearing applications, but it is not broad pre-auth RCE, not wormable, and not the kind of thing that should jump ahead of edge-exposed exploitation chains.

"Real risk exists, but it needs a bad proxy or on-path visibility plus proxied HTTPS traffic through libsoup"

02 · The Attack Path

4 steps from start to impact.

STEP 01

Find a libsoup client behind an HTTP proxy

The attacker first needs a target application that actually uses libsoup as its HTTP stack and is configured to send HTTPS traffic through a plain HTTP proxy using CONNECT. Typical candidates are desktop apps, agents, or internal tools on Linux rather than internet-facing servers. Weaponized tooling here is usually just environment/proxy discovery, not a public exploit kit.

Conditions required:

Target software uses libsoup 2.x or 3.x
HTTPS requests are sent through a configured HTTP proxy
The vulnerable distro build has not received the vendor backport

Where this breaks in practice:

Many enterprise workloads using libsoup are not exposed services at all; they are clients
A large slice of traffic no longer uses explicit HTTP proxies
Asset inventories often know the package is installed but not whether any app is actually exercising the vulnerable path

Detection/coverage: Package scanners will flag installed vulnerable libsoup / libsoup3 builds, but they usually cannot prove the host is using an HTTP proxy or that session cookies traverse that path.

STEP 02

Gain visibility on the client-to-proxy hop

The leak happens before the TLS tunnel is fully established, so the attacker must either operate the proxy, compromise it, or sit on the network segment between the client and the proxy. In practice this is a network-positioned or malicious-infrastructure attack, not internet spray-and-pray. Tools are ordinary packet capture or proxy logging, not a specialized RCE framework.

Conditions required:

Attacker controls the HTTP proxy, has compromised it, or can sniff traffic between client and proxy
The proxy leg is not otherwise protected end-to-end

Where this breaks in practice:

This implies prior access or trusted infrastructure control
Modern enterprise networks centralize and monitor proxy infrastructure
If no proxy is used, the bug is irrelevant

Detection/coverage: Network IDS can sometimes see anomalous CONNECT requests with unexpected Cookie headers on the client-to-proxy leg. Proxy logs may also reveal cookies where none should appear.

STEP 03

Capture cookies from the CONNECT request

Once positioned, the attacker watches the initial CONNECT request and extracts any cookies that libsoup incorrectly attached. The upstream patch explicitly changes cookie handling to avoid sending cookies on HTTP proxy CONNECT for HTTPS requests, confirming the leak condition. A simple intercepting proxy or packet capture is sufficient.

Conditions required:

The application sends session-bearing cookies on requests that hit this path
The cookies are still valid and scoped in a way useful to the attacker

Where this breaks in practice:

Not every request carries valuable cookies
Some applications may rely on other anti-session-hijack controls
Short-lived or device-bound sessions reduce payoff

Detection/coverage: Very little host-side telemetry exists unless the application logs raw request headers. Network or proxy inspection is the best detection point.

STEP 04

Replay the session for impersonation

The attacker then tries to reuse the captured cookie against the destination application to impersonate the victim or hijack an active session. This is the impact stage: confidentiality loss plus some limited integrity exposure depending on what the session can do. The tool at this stage is just a browser, curl, or a replay-capable proxy such as Burp.

Conditions required:

Captured cookie maps to an authenticated session
The target service accepts the cookie from the attacker's context

Where this breaks in practice:

MFA does not protect an already-issued session token
IP pinning, token binding, re-auth prompts, or short TTLs may block replay
Blast radius is usually limited to one user's application session, not system-wide code execution

Detection/coverage: Application telemetry may show suspicious session reuse from a new source IP or geography, but many session stores will not distinguish replay cleanly.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No credible active exploitation evidence found in the reviewed sources, and not listed in CISA KEV.
Proof-of-concept availability	I found patches and issue references, but no widely circulated weaponized public exploit in the reviewed sources. NVD links GNOME issue #502 as an exploit/reference, and OpenEmbedded backported the upstream commit.
EPSS	0.00014 (~0.014%), which is very low and consistent with a niche, prerequisite-heavy path.
KEV status	Not KEV-listed; no CISA due date applies.
CVSS vector	`CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N` — the important parts are AC:H and UI:R, but the real-world suppressor is stronger than the vector shows: it effectively needs a malicious or observed proxy path.
Affected version ranges	Affects vulnerable distro builds of libsoup 2.x and libsoup3 3.x before vendor backports. Debian marked `libsoup2.4` and `libsoup3` releases as vulnerable/unfixed at publication time, while Ubuntu initially showed Needs evaluation.
Fixed versions	Documented fixed builds include RHEL/OL 8 `2.62.3-14.el8_10`, RHEL/OL 9 `2.72.0-12.el9_7.6` / later `2.72.0-16.el9_8.1`, and RHEL/OL 10 `libsoup3-3.6.5-3.el10_1.11`.
Scanning and exposure reality	This is a library flaw in client-side request handling, so Shodan/Censys-style internet exposure counts are mostly meaningless. Exposure is determined by package presence + actual HTTP proxy use, not a listening port.
Disclosure date	2026-03-30 public disclosure; NVD published the same date and later accumulated distro advisories in May and June 2026.
Reporter / credit	The CNA record attributes discovery to Kona Arctic, per the mirrored CVE metadata.

04 · The Call

noisgate verdict.

Final Verdict

↓ DOWNGRADED to LOW (3.2/10)

The single biggest severity suppressor is attacker position: this bug only pays off if traffic traverses a vulnerable libsoup client through an HTTP proxy that the attacker controls or can observe. That sharply narrows both the reachable population and the blast radius versus a normal network CVSS reading.

HIGH Technical root cause and fixed-version mapping for RHEL/OL/SUSE-linked builds

MEDIUM Enterprise prevalence assumptions around explicit HTTP proxy use in libsoup-based clients

MEDIUM Absence of public weaponized exploitation in reviewed sources

Why this verdict

Downgrade for attacker position: exploitation requires a malicious proxy or on-path visibility between client and proxy, which usually implies prior compromise, insider placement, or trusted infrastructure control.
Downgrade for reachability: the vulnerable code path is only exercised when a libsoup-based client sends HTTPS through an HTTP proxy; many hosts with the package installed will never hit that path.
Downgrade for blast radius: impact is typically session hijack of one application context, not host takeover, privilege escalation, or broad service compromise.

Why not higher?

This is not an internet-facing server-side pre-auth bug and not a generic passive network leak on every HTTPS request. The exploit chain needs multiple environmental qualifiers at once: libsoup client, HTTP proxy, vulnerable build, useful cookies, and attacker visibility or proxy control.

Why not lower?

It still leaks real authentication material when the prerequisites line up, and session replay can be materially damaging in enterprise apps. If you run monitored or untrusted proxy infrastructure, this moves from theoretical to operational and deserves cleanup rather than dismissal.

05 · Compensating Control

What to do — in priority order.

Restrict or harden HTTP proxy use — Prefer direct TLS egress or trusted authenticated proxy paths for apps that use libsoup, and review explicit proxy settings in desktop images, service units, and container environments. For a LOW verdict there is no SLA-based mitigation deadline, but treat this as backlog hygiene and remove unnecessary proxy exposure before the remediation window closes.
Monitor CONNECT requests for cookies — Inspect proxy logs or packet captures on the client-to-proxy leg for CONNECT requests that carry a Cookie header, because that is the telltale bad behavior the upstream fix suppresses. There is no mitigation SLA for LOW, so implement where practical and use it mainly to identify high-value affected workflows.
Prioritize high-value proxied clients — If you cannot patch every package instance quickly, focus first on systems where libsoup-backed apps carry authenticated sessions to internal portals, admin consoles, or SaaS through explicit proxies. For LOW, use standard backlog handling rather than emergency change windows.
Review session defense settings — Short session lifetimes, re-auth for sensitive actions, and anomaly detection on session reuse reduce the payoff of captured cookies. These are secondary controls and should be completed within normal engineering cycles before the patch deadline.

What doesn't work

A WAF does not help much here because the leak happens in the client-to-proxy CONNECT request, upstream of the protected application.
MFA alone is not sufficient once a valid session cookie has already been issued and can be replayed.
Generic internet perimeter scanning will not find this reliably because the problem is a library behavior, not an exposed listening service.

06 · Verification

Crowdsourced verification payload.

Run this on the target Linux host or inside the affected container image. Invoke it as bash verify-cve-2026-5119.sh with normal local read access; root is not required unless your package database is restricted. The script checks installed libsoup / libsoup3 packages and compares them against known fixed distro builds where authoritative version data exists.

noisgate-verify.sh

BASHREAD-ONLYSAFE

#!/usr/bin/env bash
# verify-cve-2026-5119.sh
# Check common Linux package states for CVE-2026-5119 in libsoup/libsoup3.
# Output: VULNERABLE / PATCHED / UNKNOWN
# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN

set -u

have_cmd() { command -v "$1" >/dev/null 2>&1; }

result="PATCHED"
reason=()

mark_vuln() {
  result="VULNERABLE"
  reason+=("$1")
}

mark_unknown() {
  if [ "$result" != "VULNERABLE" ]; then
    result="UNKNOWN"
  fi
  reason+=("$1")
}

check_rpm_pkg() {
  local pkg="$1"
  local fixed="$2"

  if rpm -q "$pkg" >/dev/null 2>&1; then
    local evr
    evr="$(rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' "$pkg" 2>/dev/null)"
    if [ -z "$evr" ]; then
      mark_unknown "Could not read EVR for RPM package $pkg"
      return
    fi

    if rpmdev-vercmp "$evr" "$fixed" >/tmp/rpmvercmp.$$ 2>/dev/null; then
      local rc=$?
      :
    fi

    # rpmdev-vercmp exit codes are not reliable for all installs, so use rpm comparison macro instead.
    if rpm --quiet --eval "%{lua:if rpm.vercmp('$evr','$fixed') >= 0 then print('ok') else print('bad') end}" | grep -q '^ok$'; then
      reason+=("$pkg installed at $evr (>= fixed $fixed)")
    else
      mark_vuln "$pkg installed at $evr (< fixed $fixed)"
    fi
  fi
}

check_dpkg_pkg() {
  local pkg="$1"
  if dpkg-query -W -f='${Status} ${Version}\n' "$pkg" 2>/dev/null | grep -q '^install ok installed '; then
    local ver
    ver="$(dpkg-query -W -f='${Version}\n' "$pkg" 2>/dev/null)"
    # No authoritative fixed Debian/Ubuntu versions were available in the reviewed sources.
    mark_unknown "$pkg installed at $ver; distro-specific fixed version not confirmed in reviewed sources"
  fi
}

if have_cmd rpm; then
  # Known fixed builds from vendor advisories / distro mirrors in reviewed sources.
  check_rpm_pkg libsoup  '0:2.62.3-14.el8_10'
  check_rpm_pkg libsoup  '0:2.72.0-12.el9_7.6'
  check_rpm_pkg libsoup  '0:2.72.0-16.el9_8.1'
  check_rpm_pkg libsoup3 '0:3.6.5-3.el10_1.11'
  check_rpm_pkg libsoup3 '0:3.6.5-3.el10_2.11'
fi

if have_cmd dpkg-query; then
  check_dpkg_pkg libsoup2.4-1
  check_dpkg_pkg libsoup-2.4-1
  check_dpkg_pkg libsoup-3.0-0
  check_dpkg_pkg libsoup3
fi

if [ "$result" = "PATCHED" ]; then
  echo "PATCHED"
  printf '%s\n' "${reason[@]}" | sed '/^$/d' || true
  exit 0
elif [ "$result" = "VULNERABLE" ]; then
  echo "VULNERABLE"
  printf '%s\n' "${reason[@]}" | sed '/^$/d' || true
  exit 1
else
  echo "UNKNOWN"
  printf '%s\n' "${reason[@]}" | sed '/^$/d' || true
  exit 2
fi

07 · Bottom Line

If you remember one thing.

TL;DR

Monday morning: treat this as LOW, not a fire drill. Use your package inventory to identify hosts with libsoup / libsoup3, then narrow further to systems that actually send HTTPS through explicit HTTP proxies; there is no noisgate mitigation SLA for LOW, so this is backlog hygiene rather than emergency containment, and your noisgate remediation SLA is to land the vendor patch within 365 days. If you discover a sensitive proxied workflow on shared or weakly trusted proxy infrastructure, pull that subset forward even though the global bucket stays LOW.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.