Description
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.
Published: 2026-03-12
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Assess Impact
AI Analysis

Impact

A flaw in Libsoup's server-side digest authentication implementation fails to enforce nonce-count progression and to track issued nonces, allowing a remote attacker to capture a single valid authentication header and replay it indefinitely. The attacker can thereby bypass authentication and impersonate a legitimate user, leading to unauthorized access, potential data tampering, and loss of confidentiality or integrity for resources protected by this mechanism.

Affected Systems

Red Hat Enterprise Linux releases 6, 7, 8, 9, and 10 are listed as affected, as is the GNOME Libsoup library itself. The NVD CPE entry for libsoup carries no version (cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*) and no affected or fixed version range is given, so any libsoup-based server that enables SoupAuthDomainDigest should be treated as affected until vendor data says otherwise.

Risk and Exploitability

The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L, score 5.8) rates the issue moderate: no privileges are needed, but attack complexity is high and user interaction is required, because the attacker must be positioned to observe a legitimate user's authenticated request before anything can be replayed. The EPSS value below 1% and the SSVC assessment recorded on this page (Exploitation: none, Automatable: no) indicate a low current probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Once a valid Digest Authorization header is in hand, replay needs nothing else: the server accepts the same nonce and nc value again instead of rejecting them. Capturing the header in the first place requires the request to travel in cleartext or through a point the attacker controls; TLS hides the Authorization header from a passive observer but does not prevent replay of a header obtained some other way. The page lists no advisory, and Red Hat reports no workaround that meets its criteria, so the exposure persists for as long as a libsoup-based server relies on SoupAuthDomainDigest.
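
The behaviour described above, as an added example written in Python rather than libsoup's own C code: a stateless Digest verifier of the kind the description faults (it recomputes the response hash but keeps no record of issued nonces or of nc) beside a verifier that tracks both, with a client helper that builds a valid Authorization header so the replay can be shown end to end. The realm, the credential store, the nonce lifetime and the sample user are constructed for the demo; nothing here is libsoup code.

```python
"""Digest replay: a stateless check next to nonce/nc tracking (RFC 7616, MD5, qop=auth).

Added example, not libsoup code. It models the defect described for
SoupAuthDomainDigest (no registry of issued nonces, no check that nc increases)
beside a hardened verifier. Realm, user store and nonce lifetime are assumptions."""
import hashlib
import re
import secrets
import time

REALM = "example"             # assumed realm
USERS = {"alice": "s3cret"}   # constructed credential store
_PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')

def parse_digest(header):
    """Parse 'Digest k="v", k2=v2, ...' into a dict (quoted or bare values)."""
    scheme, _, params = header.partition(" ")
    if scheme != "Digest":
        raise ValueError("not a Digest header")
    return {k: q or b for k, q, b in _PARAM_RE.findall(params)}

def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()

def expected_response(user, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """response = H(HA1 : nonce : nc : cnonce : qop : HA2)."""
    ha1 = _md5(f"{user}:{REALM}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def _credentials_match(p, method):
    pw = USERS.get(p.get("username"))
    if pw is None:
        return False
    exp = expected_response(p["username"], pw, method, p.get("uri", ""), p.get("nonce", ""),
                            p.get("nc", ""), p.get("cnonce", ""), p.get("qop", "auth"))
    return secrets.compare_digest(exp, p.get("response", ""))

def verify_stateless(header, method="GET"):
    """Vulnerable pattern: the response hash is recomputed and compared, but the
    nonce is never looked up and nc is never compared with the last value seen,
    so a captured header verifies every time it is replayed."""
    return _credentials_match(parse_digest(header), method)

class DigestVerifier:
    """Hardened pattern: the server issues nonces, remembers them with a
    lifetime, and requires nc to increase strictly for each nonce."""

    def __init__(self, nonce_ttl=300, clock=time.monotonic):
        self._clock, self._ttl = clock, nonce_ttl
        self._issued = {}     # nonce -> (issued_at, highest nc accepted)

    def challenge(self):
        nonce = secrets.token_hex(16)
        self._issued[nonce] = (self._clock(), 0)
        return f'Digest realm="{REALM}", qop="auth", nonce="{nonce}"'

    def verify(self, header, method="GET"):
        p = parse_digest(header)
        state = self._issued.get(p.get("nonce"))
        if state is None:
            return False                     # never issued, or already expired
        issued_at, last_nc = state
        if self._clock() - issued_at > self._ttl:
            del self._issued[p["nonce"]]
            return False
        try:
            nc = int(p["nc"], 16)            # nc is 8 hex digits per RFC 7616
        except (KeyError, ValueError):
            return False
        if nc <= last_nc:
            return False                     # replayed or rolled-back counter
        if not _credentials_match(p, method):
            return False
        self._issued[p["nonce"]] = (issued_at, nc)   # advance only on success
        return True

def client_authorization(challenge, user, password, method="GET",
                         uri="/protected", nc=1, cnonce=None):
    """Build the Authorization header a legitimate client sends for a challenge."""
    ch = parse_digest(challenge)
    cnonce = cnonce or secrets.token_hex(8)
    nc_hex = f"{nc:08x}"
    resp = expected_response(user, password, method, uri, ch["nonce"], nc_hex, cnonce)
    return (f'Digest username="{user}", realm="{ch["realm"]}", nonce="{ch["nonce"]}", '
            f'uri="{uri}", qop=auth, nc={nc_hex}, cnonce="{cnonce}", response="{resp}"')

def replay_demo():
    """Capture one valid header, then present it three times to each verifier."""
    v = DigestVerifier()
    captured = client_authorization(v.challenge(), "alice", "s3cret")
    stateless = [verify_stateless(captured) for _ in range(3)]
    tracked = [v.verify(captured) for _ in range(3)]
    return stateless, tracked   # ([True, True, True], [True, False, False])
```

`replay_demo()` is the whole attack in miniature: the stateless verifier accepts the captured header on every attempt, the tracking verifier accepts it once and rejects the replays because the nonce's highest accepted nc is no longer below the replayed value. The counter is advanced only after the response hash checks out, so a failed guess cannot burn counter values the legitimate client still needs, and a nonce that was never issued or has aged past its lifetime is rejected before any hashing is done.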

Generated by OpenCVE AI on April 17, 2026 at 09:57 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.


OpenCVE Recommended Actions

  • Disable HTTP Digest authentication in services built on libsoup's SoupAuthDomainDigest, or migrate to an authentication method that is not vulnerable to replay, such as token-based authentication or mutual TLS.
  • Serve any endpoint that must keep Digest authentication over TLS only; this denies a passive network attacker the Authorization header, though it does not stop replay of a header obtained another way.
  • Restrict the network exposure of services that rely on Digest authentication by applying firewall rules or segmenting the network so that only trusted hosts can reach those services.
  • Monitor authentication logs for the signatures of a replay: the same nonce presented with a nonce-count (nc) that does not increase, or an identical response digest seen more than once, particularly from a different client address; alert on these with existing intrusion detection tooling.
  • Refer to the Red Hat Product Security CNA workaround status: currently no workaround meets the criteria, so rely on the measures above.
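
A detector for the monitoring recommendation, as an added example that is not OpenCVE or libsoup code: it runs over constructed log lines in an assumed format in which the application records the client address and the nonce, nc and response fields of each Digest Authorization header, and flags the two signatures of a replay described in the list above.

```python
"""Replay indicators in server logs: same nonce with a non-increasing nc, or an
identical Digest response value presented more than once.

Added example, not libsoup or OpenCVE code. The log format is an assumption
(client address plus the nonce, nc and response fields of the Authorization
header); the lines below are constructed, with the third being a replay of the
first from a different address."""
import re

LOG_LINES = [
    '2026-03-12T14:16:18Z 203.0.113.5 GET /protected nonce="9f2c4e1ab7d35086" nc=00000001 response="3f1a0c9e5b7d2e4f6a8c0b1d3e5f7a9b"',
    '2026-03-12T14:16:21Z 203.0.113.5 GET /protected nonce="9f2c4e1ab7d35086" nc=00000002 response="0b7c2d9e4f6a8b1c3d5e7f9a1b3c5d7e"',
    '2026-03-12T14:18:02Z 198.51.100.7 GET /protected nonce="9f2c4e1ab7d35086" nc=00000001 response="3f1a0c9e5b7d2e4f6a8c0b1d3e5f7a9b"',
    '2026-03-12T14:19:40Z 203.0.113.5 GET /protected nonce="c71e09d4a2b68f35" nc=00000001 response="6d2e8f1a3b5c7d9e0f2a4b6c8d0e1f3a"',
]

_LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) '
    r'nonce="(?P<nonce>[^"]+)" nc=(?P<nc>[0-9a-fA-F]{8}) response="(?P<resp>[0-9a-f]{32})"$')

def detect_replays(lines):
    """Return one alert dict per indicator per suspicious line.

    The two indicators are kept separate because they catch different things:
    a verbatim replay repeats the response value (from any address), while a
    non-increasing nc for a nonce already seen is exactly the condition the
    RFC 7616 nonce-count check on the server should have rejected."""
    highest_nc = {}      # nonce -> highest nc seen so far
    first_seen = {}      # response value -> (timestamp, ip) of first use
    alerts = []
    for idx, line in enumerate(lines):
        m = _LINE_RE.match(line)
        if not m:
            continue     # not an authenticated-request record
        f = m.groupdict()
        nc = int(f["nc"], 16)
        if f["resp"] in first_seen:
            ts0, ip0 = first_seen[f["resp"]]
            alerts.append({"line": idx, "reason": "response_reuse",
                           "detail": f"first {ts0} from {ip0}, again {f['ts']} from {f['ip']}"})
        else:
            first_seen[f["resp"]] = (f["ts"], f["ip"])
        prev = highest_nc.get(f["nonce"], 0)
        if nc <= prev:
            alerts.append({"line": idx, "reason": "nc_not_increasing",
                           "detail": f"nonce {f['nonce']}: nc {nc} after {prev}"})
        highest_nc[f["nonce"]] = max(prev, nc)
    return alerts
```

On the constructed input only the third line is flagged, once for each indicator; the legitimate sequence (nc 1 then 2 on the first nonce, then a fresh nonce) produces nothing. In production the same state would need a retention window matching the server's nonce lifetime so that `highest_nc` and `first_seen` do not grow without bound.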

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 14:15:00 +0000

First Time appeared
  Added: Gnome
  Added: Gnome libsoup
CPEs
  Added: cpe:2.3:a:gnome:libsoup:-:*:*:*:*:*:*:*
  Added: cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
  Added: cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  Added: cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  Added: cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  Added: cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Vendors & Products
  Added: Gnome
  Added: Gnome libsoup

Thu, 12 Mar 2026 18:15:00 +0000

Metrics
  Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 15:15:00 +0000

References

Thu, 12 Mar 2026 14:15:00 +0000

Description
  Removed: No description is available for this CVE.
  Added: A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.
Title
  Removed: libsoup: Libsoup: Authentication bypass via digest authentication replay attack
  Added: Libsoup: libsoup: authentication bypass via digest authentication replay attack
First Time appeared
  Added: Redhat
  Added: Redhat enterprise Linux
CPEs
  Added: cpe:/o:redhat:enterprise_linux:10
  Added: cpe:/o:redhat:enterprise_linux:6
  Added: cpe:/o:redhat:enterprise_linux:7
  Added: cpe:/o:redhat:enterprise_linux:8
  Added: cpe:/o:redhat:enterprise_linux:9
Vendors & Products
  Added: Redhat
  Added: Redhat enterprise Linux
References

Wed, 25 Feb 2026 12:00:00 +0000

First Time appeared
  Added: Libsoup
  Added: Libsoup libsoup
Vendors & Products
  Added: Libsoup
  Added: Libsoup libsoup

Tue, 24 Feb 2026 12:15:00 +0000

Description
  Added: No description is available for this CVE.
Title
  Added: libsoup: Libsoup: Authentication bypass via digest authentication replay attack
Weaknesses
  Added: CWE-323
References
Metrics
  Removed: threat_severity None
  Added: cvssV3_1 {'score': 5.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L'}
  Added: threat_severity Moderate


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-05-01T15:31:03.428Z

Reserved: 2026-02-24T07:37:48.680Z

Link: CVE-2026-3099

Vulnrichment

Updated: 2026-03-12T17:44:38.510Z

NVD

Status : Analyzed

Published: 2026-03-12T14:16:18.760

Modified: 2026-03-23T14:02:25.830

Link: CVE-2026-3099

Redhat

Severity : Moderate

Public Date: 2026-02-24T01:01:00Z

Links: CVE-2026-3099 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-17T10:00:03Z

Weaknesses