libsoup Proxy Authentication Credential Leakage Vulnerability

Vulnerability

A vulnerability in the libsoup HTTP library can lead to unintended transmission of proxy authentication credentials to external servers. This issue arises during HTTP redirects, where libsoup correctly removes the Authorization header but fails to do the same for the Proxy-Authorization header when the request is redirected to a different host. Consequently, sensitive proxy credentials may be inadvertently exposed to third-party servers. Applications that utilize libsoup for HTTP communication could unintentionally leak proxy authentication data.

Impact

Exploitation of this vulnerability may result in the unauthorized disclosure of proxy authentication credentials to third parties, creating a significant confidentiality risk.

Added: Jan 28, 2026, 4:29 PM

Updated: Jan 28, 2026, 4:29 PM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

6.0

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

6.0

remediation

0.0

relevance

2.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

libsoup Proxy Authentication Credential Leakage Vulnerability

Vulnerability

Impact

Affected Products

libsoup

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating