{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"medium\"}"}}}], "affected": [{"vendor": "canonical", "product": "gir1.2-soup-2.4", "platforms": ["bionic", "focal", "jammy", "noble", "resolute", "xenial"], "defaultStatus": "affected"}, {"vendor": "canonical", "product": "libsoup-gnome2.4-1", "platforms": ["bionic", "focal", "jammy", "xenial"], "defaultStatus": "affected"}, {"vendor": "canonical", "product": "libsoup2.4-1", "platforms": ["bionic", "focal", "jammy", "xenial"], "defaultStatus": "affected"}, {"vendor": "canonical", "product": "libsoup2.4-tests", "platforms": ["focal", "jammy", "noble", "resolute"], "defaultStatus": "affected"}, {"vendor": "canonical", "product": "libsoup2.4-common", "platforms": ["jammy", "noble", "resolute"], "defaultStatus": "affected"}, {"vendor": "canonical", "product": "libsoup-2.4-1", "platforms": ["noble", "resolute"], "defaultStatus": "affected"}, {"vendor": "canonical", "product": "libsoup-gnome-2.4-1", "platforms": ["noble", "resolute"], "defaultStatus": "affected"}, {"vendor": "canonical", "product": "gir1.2-soup-3.0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.0.7-0ubuntu1+esm7", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "libsoup-3.0-0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.0.7-0ubuntu1+esm7", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "libsoup-3.0-common", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.0.7-0ubuntu1+esm7", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "libsoup-3.0-tests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.0.7-0ubuntu1+esm7", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "gir1.2-soup-3.0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.4.4-5ubuntu0.7", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "libsoup-3.0-0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.4.4-5ubuntu0.7", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "libsoup-3.0-common", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.4.4-5ubuntu0.7", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "libsoup-3.0-tests", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.4.4-5ubuntu0.7", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}], "references": [{"url": "https://ubuntu.com/security/CVE-2026-1539"}, {"url": "https://ubuntu.com/security/notices/USN-8020-1"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-1539"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the libsoup HTTP library that can cause proxyauthentication credentials to be sent to unintended destinations. Whenhandling HTTP redirects, libsoup removes the Authorization header but doesnot remove the Proxy-Authorization header if the request is redirected to adifferent host. As a result, sensitive proxy credentials may be leaked tothird-party servers. Applications using libsoup for HTTP communication mayunintentionally expose proxy authentication data."}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2026-01-28T16:16:00Z", "x_subShortName": "canonical"}}, {"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"not yet assigned\"}"}}}], "affected": [{"vendor": "debian", "product": "gir1.2-soup-2.4", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libsoup-gnome2.4-1", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libsoup-gnome2.4-1-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libsoup-gnome2.4-dev", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libsoup2.4-1", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libsoup2.4-1-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libsoup2.4-dev", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libsoup2.4-doc", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libsoup2.4-tests", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libsoup2.4-tests-dbgsym", "platforms": ["bullseye"], "defaultStatus": "affected"}, {"vendor": "debian", "product": "libsoup2.4", "platforms": ["bookworm", "trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libsoup3", "platforms": ["bookworm", "trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "gir1.2-soup-3.0", "versions": [{"status": "affected", "version": "0", "lessThan": "3.6.5-8", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libsoup-3.0-0", "versions": [{"status": "affected", "version": "0", "lessThan": "3.6.5-8", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libsoup-3.0-0-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.6.5-8", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libsoup-3.0-dev", "versions": [{"status": "affected", "version": "0", "lessThan": "3.6.5-8", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libsoup-3.0-tests", "versions": [{"status": "affected", "version": "0", "lessThan": "3.6.5-8", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "libsoup-3.0-tests-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "3.6.5-8", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-tracker.debian.org/tracker/CVE-2026-1539"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data."}], "providerMetadata": {"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian", "dateUpdated": "2026-01-28T15:15:48.725Z", "x_subShortName": "debian"}}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "libsoup3", "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "libsoup3-devel", "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "libsoup3-doc", "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-1539"}, {"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/489"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1539"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-1539"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-01-28T00:00:00Z", "x_subShortName": "redhat_10"}}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "libsoup", "platforms": ["cpe:/o:redhat:enterprise_linux:6"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "libsoup-devel", "platforms": ["cpe:/o:redhat:enterprise_linux:6"], "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-1539"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data. \n            The Red Hat Product Security team has assessed the severity of this vulnerability as Medium. Exploitation requires network access but does not require authentication, user interaction, or special privileges. Successful exploitation may result in the disclosure of proxy authentication credentials to unintended third parties. While the issue does not directly allow code execution or service disruption, leakage of authentication material represents a meaningful confidentiality risk. The root cause is improper handling of sensitive headers during HTTP redirect processing.\n            Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-01-28T00:00:00Z", "x_subShortName": "redhat_6"}}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "libsoup", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "libsoup-devel", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-1539"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data. \n            The Red Hat Product Security team has assessed the severity of this vulnerability as Medium. Exploitation requires network access but does not require authentication, user interaction, or special privileges. Successful exploitation may result in the disclosure of proxy authentication credentials to unintended third parties. While the issue does not directly allow code execution or service disruption, leakage of authentication material represents a meaningful confidentiality risk. The root cause is improper handling of sensitive headers during HTTP redirect processing.\n            Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-01-28T00:00:00Z", "x_subShortName": "redhat_7"}}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "libsoup", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "libsoup-devel", "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-1539"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data. \n            The Red Hat Product Security team has assessed the severity of this vulnerability as Medium. Exploitation requires network access but does not require authentication, user interaction, or special privileges. Successful exploitation may result in the disclosure of proxy authentication credentials to unintended third parties. While the issue does not directly allow code execution or service disruption, leakage of authentication material represents a meaningful confidentiality risk. The root cause is improper handling of sensitive headers during HTTP redirect processing.\n            Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-01-28T00:00:00Z", "x_subShortName": "redhat_8"}}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "libsoup", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "libsoup-devel", "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-1539"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data. \n            The Red Hat Product Security team has assessed the severity of this vulnerability as Medium. Exploitation requires network access but does not require authentication, user interaction, or special privileges. Successful exploitation may result in the disclosure of proxy authentication credentials to unintended third parties. While the issue does not directly allow code execution or service disruption, leakage of authentication material represents a meaningful confidentiality risk. The root cause is improper handling of sensitive headers during HTTP redirect processing.\n            Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-01-28T00:00:00Z", "x_subShortName": "redhat_9"}}, {"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"medium\"}"}}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"unspecified\"}"}}}], "affected": [{"vendor": "fedora", "product": "libsoup3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.6.6-2.fc43", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:43"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "libsoup3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.6.6-6.fc44", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:44"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "libsoup3", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.6.6-6.fc45", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:45"], "defaultStatus": "unaffected"}], "references": [{"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-55dabf3975"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-6fb683df94"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-f029d04054"}], "descriptions": [{"lang": "en", "value": "libsoup3: libsoup: Credential leakage via HTTP redirects"}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2026-03-20T10:12:49Z", "x_subShortName": "fedora"}}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "libsoup-2_4-1", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.74.2-150400.3.31.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup-3_0-0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.0.4-150400.3.37.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.0.4-150400.3.37.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup-lang", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.0.4-150400.3.37.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup2-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.74.2-150400.3.31.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup2-lang", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.74.2-150400.3.31.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "typelib-1_0-Soup-2_4", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.74.2-150400.3.31.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "typelib-1_0-Soup-3_0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.0.4-150400.3.37.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup-2_4-1", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.74.3-150600.4.30.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles-ltss:15:sp6", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup-3_0-0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.4.4-150600.3.37.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles-ltss:15:sp6", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.4.4-150600.3.37.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles-ltss:15:sp6", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup-lang", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.4.4-150600.3.37.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles-ltss:15:sp6", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup2-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.74.3-150600.4.30.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles-ltss:15:sp6", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup2-lang", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.74.3-150600.4.30.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles-ltss:15:sp6", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "typelib-1_0-Soup-2_4", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.74.3-150600.4.30.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles-ltss:15:sp6", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "typelib-1_0-Soup-3_0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.4.4-150600.3.37.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles-ltss:15:sp6", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1257441"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1539", "name": "Mitre CVE-2026-1539"}, {"url": "https://www.suse.com/security/cve/CVE-2026-1539", "name": "SUSE CVE-2026-1539"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024530.html", "name": "SUSE-SU-2026:0788-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024564.html", "name": "SUSE-SU-2026:0792-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024565.html", "name": "SUSE-SU-2026:0796-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024600.html", "name": "SUSE-SU-2026:0811-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024636.html", "name": "SUSE-SU-2026:0833-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024638.html", "name": "SUSE-SU-2026:0834-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-March/044819.html", "name": "SUSE-SU-2026:20649-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024801.html", "name": "SUSE-SU-2026:20727-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024832.html", "name": "SUSE-SU-2026:20752-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025111.html", "name": "SUSE-SU-2026:20902-1"}], "descriptions": [{"lang": "en", "value": "\n    A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-03-04T00:00:00Z", "x_subShortName": "suse_server_15"}}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "libsoup-2_4-1", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.74.3-150600.4.30.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup-3_0-0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.4.4-150600.3.37.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.4.4-150600.3.37.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup-lang", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.4.4-150600.3.37.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup2-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.74.3-150600.4.30.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup2-lang", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.74.3-150600.4.30.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "typelib-1_0-Soup-2_4", "versions": [{"status": "affected", "version": "0", "lessThan": "0:2.74.3-150600.4.30.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "typelib-1_0-Soup-3_0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.4.4-150600.3.37.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1257441"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1539", "name": "Mitre CVE-2026-1539"}, {"url": "https://www.suse.com/security/cve/CVE-2026-1539", "name": "SUSE CVE-2026-1539"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024530.html", "name": "SUSE-SU-2026:0788-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024564.html", "name": "SUSE-SU-2026:0792-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024565.html", "name": "SUSE-SU-2026:0796-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024600.html", "name": "SUSE-SU-2026:0811-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024636.html", "name": "SUSE-SU-2026:0833-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024638.html", "name": "SUSE-SU-2026:0834-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-March/044819.html", "name": "SUSE-SU-2026:20649-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024801.html", "name": "SUSE-SU-2026:20727-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024832.html", "name": "SUSE-SU-2026:20752-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025111.html", "name": "SUSE-SU-2026:20902-1"}], "descriptions": [{"lang": "en", "value": "\n    A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-03-04T00:00:00Z", "x_subShortName": "suse_desktop_15"}}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "libsoup-3_0-0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.6.6-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.6.6-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libsoup-lang", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.6.6-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "typelib-1_0-Soup-3_0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:3.6.6-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1257441"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1539", "name": "Mitre CVE-2026-1539"}, {"url": "https://www.suse.com/security/cve/CVE-2026-1539", "name": "SUSE CVE-2026-1539"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024530.html", "name": "SUSE-SU-2026:0788-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024564.html", "name": "SUSE-SU-2026:0792-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024565.html", "name": "SUSE-SU-2026:0796-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024600.html", "name": "SUSE-SU-2026:0811-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024636.html", "name": "SUSE-SU-2026:0833-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024638.html", "name": "SUSE-SU-2026:0834-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-March/044819.html", "name": "SUSE-SU-2026:20649-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024801.html", "name": "SUSE-SU-2026:20727-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024832.html", "name": "SUSE-SU-2026:20752-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025111.html", "name": "SUSE-SU-2026:20902-1"}], "descriptions": [{"lang": "en", "value": "\n    A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-03-26T00:00:00Z", "x_subShortName": "suse_server_16"}}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "amazon", "product": "libsoup3", "versions": [{"status": "affected", "version": "0", "lessThan": "3.6.5-56.amzn2023", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "libsoup3-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "3.6.5-56.amzn2023", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "libsoup3-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "3.6.5-56.amzn2023", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "libsoup3-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "3.6.5-56.amzn2023", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "libsoup3-doc", "versions": [{"status": "affected", "version": "0", "lessThan": "3.6.5-56.amzn2023", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1539"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000000", "shortName": "alas", "dateUpdated": "2026-03-02T09:00:00Z", "x_subShortName": "alas_2023"}}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "unknown", "product": "unknown", "defaultStatus": "unknown"}], "solutions": [{"lang": "en", "value": "SUSE bug 1257441"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1539", "name": "Mitre CVE-2026-1539"}, {"url": "https://www.suse.com/security/cve/CVE-2026-1539", "name": "SUSE CVE-2026-1539"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024530.html", "name": "SUSE-SU-2026:0788-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024564.html", "name": "SUSE-SU-2026:0792-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024565.html", "name": "SUSE-SU-2026:0796-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024600.html", "name": "SUSE-SU-2026:0811-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024636.html", "name": "SUSE-SU-2026:0833-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024638.html", "name": "SUSE-SU-2026:0834-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-March/044819.html", "name": "SUSE-SU-2026:20649-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024801.html", "name": "SUSE-SU-2026:20727-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024832.html", "name": "SUSE-SU-2026:20752-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025111.html", "name": "SUSE-SU-2026:20902-1"}], "descriptions": [{"lang": "en", "value": "\n    A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-03-05T00:00:00Z", "x_subShortName": "suse_server_12"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*"], "vendor": "gnome", "product": "libsoup", "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*"], "vendor": "redhat", "product": "enterprise_linux", "versions": [{"status": "affected", "version": "10.0"}, {"status": "affected", "version": "6.0"}, {"status": "affected", "version": "7.0"}, {"status": "affected", "version": "8.0"}, {"status": "affected", "version": "9.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/489", "tags": ["issue-tracking", "vendor-advisory"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-1539", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data."}, {"lang": "es", "value": "Se encontró una falla en la librería HTTP libsoup que puede causar que las credenciales de autenticación de proxy se envíen a destinos no deseados. Al manejar redirecciones HTTP, libsoup elimina el encabezado Authorization pero no elimina el encabezado Proxy-Authorization si la solicitud es redirigida a un host diferente. Como resultado, las credenciales de proxy sensibles pueden filtrarse a servidores de terceros. Las aplicaciones que usan libsoup para comunicación HTTP pueden exponer involuntariamente datos de autenticación de proxy."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-201", "description": "CWE-201"}]}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000003", "shortName": "nvd", "dateUpdated": "2026-01-28T16:16:16Z", "x_subShortName": "nvd"}}}, "cveMetadata": {"cveId": "CVE-2026-1539", "state": "PUBLISHED", "dateUpdated": "2026-03-25T14:08:59Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-01-28T16:16:16Z", "assignerShortName": "redhat"}, "dataVersion": "5.0"}