PGV-2640814 - RHSA-2026:22710: libsoup security update (Moderate)

Disclosed on June 03, 2026 (updated June 03, 2026)

Vulnerability Overview

PGV-2640814 is a category 2 vulnerabilty that affects the following packages:

libsoup, versions < 0:2.62.3-3.el8_8.9
libsoup-devel, versions < 0:2.62.3-3.el8_8.9

CVSS Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N)

Risk Assessment

The risk assessment shows that this vulnerability is exlpoited by a compromised user. A legitimate user who unknowingly triggers exploitation of this vulnerability through normal interaction.

The impact is contained to the application. Exploitation remains confined to the application and cannot affect the host environment or external systems.

The threat damage is caused by a data breach. Exploitation can result in full access to data within the system.is caused by data tampering (limited). Exploitation does not allow modification of data beyond what the user is already authorized to modify.

Vulnerability Details

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment (CVE-2026-5119)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Common Weakness Enumerations

CWE-319 - Cleartext Transmission of Sensitive Information

Additional References

Your Risk Profile

Network Exposure	External Accessable from the public internet
Access Interface	WebBrowser Primarily web-based applications
Service Outage	Disruptive Operations would be impacted
Data Breach	Disruptive Operations would be impacted
Data Tampering	Disruptive Operations would be impacted
Customize

Additional Identifiers

CVE-2026-5119
oval:com.redhat.rhsa:def:202622710