CVE-2026-3099

🗓️ 12 Mar 2026 13:53:48Reported by redhatType

CVE-2026-3099 Libsoup digest authentication allows replay bypass due to nonce tracking failure.

Reporter	Title	Published	Views	Family All 19
ATTACKERKB	CVE-2026-3099	12 Mar 202613:53	–	attackerkb
Information Security Automation	March Linux Patch Wednesday	30 Mar 202620:00	–	avleonov
Circl	CVE-2026-3099	12 Mar 202615:40	–	circl
CNNVD	libsoup 安全漏洞	12 Mar 202600:00	–	cnnvd
Cvelist	CVE-2026-3099 Libsoup: libsoup: authentication bypass via digest authentication replay attack	12 Mar 202613:53	–	cvelist
Debian CVE	CVE-2026-3099	12 Mar 202613:53	–	debiancve
EUVD	EUVD-2026-11573	12 Mar 202615:30	–	euvd
NVD	CVE-2026-3099	12 Mar 202614:16	–	nvd
OSV	CVE-2026-3099	12 Mar 202614:16	–	osv
OSV	DEBIAN-CVE-2026-3099	12 Mar 202614:16	–	osv

NVD

Node

gnome libsoupMatch-

redhat enterprise_linuxMatch6.0

redhat enterprise_linuxMatch7.0

redhat enterprise_linuxMatch8.0

redhat enterprise_linuxMatch9.0

redhat enterprise_linuxMatch10.0

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup3",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:10"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "libsoup",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
gitlab	www.gitlab.gnome.org/GNOME/libsoup/-/issues/495
access	www.access.redhat.com/security/cve/CVE-2026-3099
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

17 Jun 2026 10:43Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.15.8 - 7.3

EPSS0.00355

SSVC

CWE-323