CVE-2026-1539

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

UBUNTU-CVE-2026-1539

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

CVE-2026-1539 Libsoup: libsoup: credential leakage via http redirects

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

CVE-2026-1539

The connected IBM ACE bulletin confirms CVE-2026-1539 is a libsoup HTTP library issue: during HTTP redirects, the library removes the Authorization header but may fail to remove Proxy-Authorization when redirecting to a different host, potentially leaking proxy credentials to third-party servers....

CVE-2026-1539

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

libsoup security vulnerabilities

Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a security vulnerability that stems from failing to remove the Proxy-Authorization header when handling HTTP redirection, which may lead to the exposure of proxy credentials...

Medium: python3-urllib3

Issue Overview: urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possib...

MiracleLinux 7 : python-pip-9.0.3-8.0.1.el7.AXS7 (AXSA:2024-8982:05)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8982:05 advisory. CVE-2024-37891: strip Proxy-Authorization header on redirects CVEs: CVE-2024-37891 urllib3 is a user-friendly HTTP client library for Python. When using...

MiracleLinux 9 : python-requests-2.25.1-7.el9 (AXSA:2023-6284:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6284:01 advisory. python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : python3.12-urllib3-1.26.19-1.el8_10 (AXSA:2024-8976:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8976:01 advisory. urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 Tenable has extracted the preceding description bloc...

MiracleLinux 7 : python-urllib3-1.10.2-7.0.1.el7.AXS7 (AXSA:2024-9026:07)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9026:07 advisory. CVE-2024-37891: strip Proxy-Authorization header on redirects CVEs: CVE-2024-37891 urllib3 is a user-friendly HTTP client library for Python. When using...

MiracleLinux 9 : python3.11-urllib3-1.26.12-2.el9.1 (AXSA:2024-9170:04)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9170:04 advisory. urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 Tenable has extracted the preceding description bloc...

MiracleLinux 8 : python39:3.9 and python39-devel:3.9 (AXSA:2023-7325:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7325:03 advisory. python: tarfile module directory traversal CVE-2007-4559 python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has...

MiracleLinux 8 : python38:3.8 and python38-devel:3.8 (AXSA:2023-7324:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7324:01 advisory. python: tarfile module directory traversal CVE-2007-4559 python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has...

MiracleLinux 8 : python-requests-2.20.0-3.el8 (AXSA:2023-6324:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6324:02 advisory. python-requests: Unintended leak of Proxy-Authorization header CVE-2023-32681 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : python3.12-urllib3-1.26.18-2.el9.1 (AXSA:2024-9270:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9270:02 advisory. urllib3: proxy-authorization request header is not stripped during cross-origin redirects CVE-2024-37891 Tenable has extracted the preceding description bloc...

EulerOS Virtualization 2.13.0 : python-pip (EulerOS-SA-2025-2616)

According to the versions of the python-pip packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers...

EulerOS 2.0 SP13 : python-pip (EulerOS-SA-2025-2510)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected...

TencentOS Server 4: python-urllib3 (TSSA-2024:0551)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0551 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 3: python3.11-urllib3 (TSSA-2024:0797)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0797 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...