CVE-2026-3099
⚪ For information
A flaw in Libsoup allows an attacker to replay valid authentication headers.
CVSS: 5.8
EPSS: 0.4%
Exploit: poc
Vendor: redhat
Source description (NVD)
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.
auth-bypass exploit
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 5.8 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 0.4% |
| Published (NVD) | 2026-03-12 14:16:18 UTC |
| Last modified (NVD) | 2026-03-23 14:02:25 UTC |
References
- https://access.redhat.com/security/cve/CVE-2026-3099 (secalert@redhat.com) [Third Party Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=2442232 (secalert@redhat.com) [Issue Tracking, Third Party Advisory]
- https://gitlab.gnome.org/GNOME/libsoup/-/issues/495 (secalert@redhat.com) [Exploit, Issue Tracking, Third Party Advisory]