Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.8
Libsoup Digest Authentication Allows Repeated Login Attempts
CVE-2026-3099
Summary
Libsoup's authentication system is flawed, allowing attackers to reuse a valid login. This means a hacker can pretend to be a legitimate user and access protected resources without a new login. Update Libsoup to fix this vulnerability and prevent unauthorized access.
Original title
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-...
Original description
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.
nvd CVSS3.1
5.8
Vulnerability type
CWE-323
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026