CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-3099

A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 35.7%

CVSS Severity

CVSS v3 Score 5.8

References

Products affected by CVE-2026-3099

Gnome » Libsoup » Version: N/A

cpe:2.3:a:gnome:libsoup:-
Redhat » Enterprise Linux » Version: 10.0

cpe:2.3:o:redhat:enterprise_linux:10.0
Redhat » Enterprise Linux » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux:6.0
Redhat » Enterprise Linux » Version: 7.0

cpe:2.3:o:redhat:enterprise_linux:7.0
Redhat » Enterprise Linux » Version: 8.0

cpe:2.3:o:redhat:enterprise_linux:8.0
Redhat » Enterprise Linux » Version: 9.0

cpe:2.3:o:redhat:enterprise_linux:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-3099

Products

Pricing

Contact Us