NVD HIGH: CVE-2026-5119 — A flaw was found in libsoup. When establishing HTTPS tunnels through a configure...

Monday, March 30, 2026 at 07:15 AM UTC·Source: NIST NVD

Updated: Monday, April 6, 2026 at 12:17 AM UTC

Executive Summary

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-5119

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on Mar 30, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

The End of Static Security: Why AI Demands Real-Time Microsegmentation

AI is compressing cyberattack timelines from months to minutes. While segmentation has been a gold standard security practice for years, many organizations are still operating with outdated, static approaches.

2h agoBank Info Security

MEDIUMVulnerability

Why Data Security Standards in Cancer Innovation Matter

Cancer research and treatment innovation - and the tech that powers that - requires a great deal of collaboration and data sharing among multiple parties. But keeping that sensitive information secure and private is crucial - and requires adherence to standards, said Baxter Lee of Clearwater.

2h agoBank Info Security

MEDIUMVulnerability

One-Time Passcodes Are Gateway for Financial Fraud Attacks

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/one-time-passcodes-are-gateway-for-financial-fraud-attacks-image_small-6-a-31341.jpg" align=right hspace=4><b>Report Reveals Growing Trend of Fraudsters Intercepting SMS-Based Verification</b><br>Financial institutions have historically relied on one-time passcodes as a primary authentication control for their accountholders. But

2h agoBank Info Security