CVE-2026-3099

EUVD-2026-11573

12.03.2026, 14:16

A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.8 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
gnome	libsoup	-
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0
redhat	enterprise_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libsoup2.4

bookworm	no-dsa
bullseye	vulnerable
bullseye (security)	vulnerable
trixie	no-dsa

libsoup3

bookworm	no-dsa
forky	vulnerable
sid	vulnerable
trixie	no-dsa

Known Exploits!

https://gitlab.gnome.org/GNOME/libsoup/-/issues/495

Common Weakness Enumeration

CWE-323 - Reusing a Nonce, Key Pair in Encryption
Nonces should be used for the present occasion and only once.

References

https://access.redhat.com/security/cve/CVE-2026-3099

https://bugzilla.redhat.com/show_bug.cgi?id=2442232

https://gitlab.gnome.org/GNOME/libsoup/-/issues/495