Vulnerability-Lookup

SUSE-SU-2026:22146-1

Vulnerability from csaf_suse - Published: 2026-06-17 08:57 - Updated: 2026-06-17 08:57

Summary

Security update for curl

Severity

Moderate

Notes

Title of the patch: Security update for curl

Description of the patch: This update for curl fixes the following issues: - CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631). - CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632). - CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635). - CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636). - CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).

Patchnames: SUSE-SL-Micro-6.2-938

CVE-2026-4873

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2026-5545

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2026-6253

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2026-6276

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2026-6429

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

26 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-updates/2026…	self
https://bugzilla.suse.com/1262631	self
https://bugzilla.suse.com/1262632	self
https://bugzilla.suse.com/1262635	self
https://bugzilla.suse.com/1262636	self
https://bugzilla.suse.com/1262638	self
https://www.suse.com/security/cve/CVE-2026-4873/	self
https://www.suse.com/security/cve/CVE-2026-5545/	self
https://www.suse.com/security/cve/CVE-2026-6253/	self
https://www.suse.com/security/cve/CVE-2026-6276/	self
https://www.suse.com/security/cve/CVE-2026-6429/	self
https://www.suse.com/security/cve/CVE-2026-4873	external
https://bugzilla.suse.com/1262631	external
https://www.suse.com/security/cve/CVE-2026-5545	external
https://bugzilla.suse.com/1262632	external
https://bugzilla.suse.com/1268407	external
https://www.suse.com/security/cve/CVE-2026-6253	external
https://bugzilla.suse.com/1262635	external
https://bugzilla.suse.com/1268299	external
https://www.suse.com/security/cve/CVE-2026-6276	external
https://bugzilla.suse.com/1262636	external
https://www.suse.com/security/cve/CVE-2026-6429	external
https://bugzilla.suse.com/1262638	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for curl",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for curl fixes the following issues:\n\n- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).\n- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).\n- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).\n- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).\n- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SL-Micro-6.2-938",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22146-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:22146-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622146-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:22146-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047422.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1262631",
        "url": "https://bugzilla.suse.com/1262631"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1262632",
        "url": "https://bugzilla.suse.com/1262632"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1262635",
        "url": "https://bugzilla.suse.com/1262635"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1262636",
        "url": "https://bugzilla.suse.com/1262636"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1262638",
        "url": "https://bugzilla.suse.com/1262638"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4873 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4873/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-5545 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-5545/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6253 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6253/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6276 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6276/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-6429 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-6429/"
      }
    ],
    "title": "Security update for curl",
    "tracking": {
      "current_release_date": "2026-06-17T08:57:16Z",
      "generator": {
        "date": "2026-06-17T08:57:16Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:22146-1",
      "initial_release_date": "2026-06-17T08:57:16Z",
      "revision_history": [
        {
          "date": "2026-06-17T08:57:16Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-8.14.1-160000.6.1.aarch64",
                "product": {
                  "name": "curl-8.14.1-160000.6.1.aarch64",
                  "product_id": "curl-8.14.1-160000.6.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-8.14.1-160000.6.1.aarch64",
                "product": {
                  "name": "libcurl4-8.14.1-160000.6.1.aarch64",
                  "product_id": "libcurl4-8.14.1-160000.6.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-8.14.1-160000.6.1.ppc64le",
                "product": {
                  "name": "curl-8.14.1-160000.6.1.ppc64le",
                  "product_id": "curl-8.14.1-160000.6.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-8.14.1-160000.6.1.ppc64le",
                "product": {
                  "name": "libcurl4-8.14.1-160000.6.1.ppc64le",
                  "product_id": "libcurl4-8.14.1-160000.6.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-8.14.1-160000.6.1.s390x",
                "product": {
                  "name": "curl-8.14.1-160000.6.1.s390x",
                  "product_id": "curl-8.14.1-160000.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-8.14.1-160000.6.1.s390x",
                "product": {
                  "name": "libcurl4-8.14.1-160000.6.1.s390x",
                  "product_id": "libcurl4-8.14.1-160000.6.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-8.14.1-160000.6.1.x86_64",
                "product": {
                  "name": "curl-8.14.1-160000.6.1.x86_64",
                  "product_id": "curl-8.14.1-160000.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libcurl4-8.14.1-160000.6.1.x86_64",
                "product": {
                  "name": "libcurl4-8.14.1-160000.6.1.x86_64",
                  "product_id": "libcurl4-8.14.1-160000.6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Micro 6.2",
                "product": {
                  "name": "SUSE Linux Micro 6.2",
                  "product_id": "SUSE Linux Micro 6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sl-micro:6.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-8.14.1-160000.6.1.aarch64 as component of SUSE Linux Micro 6.2",
          "product_id": "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64"
        },
        "product_reference": "curl-8.14.1-160000.6.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-8.14.1-160000.6.1.ppc64le as component of SUSE Linux Micro 6.2",
          "product_id": "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le"
        },
        "product_reference": "curl-8.14.1-160000.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Micro 6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-8.14.1-160000.6.1.s390x as component of SUSE Linux Micro 6.2",
          "product_id": "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x"
        },
        "product_reference": "curl-8.14.1-160000.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Micro 6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-8.14.1-160000.6.1.x86_64 as component of SUSE Linux Micro 6.2",
          "product_id": "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64"
        },
        "product_reference": "curl-8.14.1-160000.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-8.14.1-160000.6.1.aarch64 as component of SUSE Linux Micro 6.2",
          "product_id": "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64"
        },
        "product_reference": "libcurl4-8.14.1-160000.6.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Micro 6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-8.14.1-160000.6.1.ppc64le as component of SUSE Linux Micro 6.2",
          "product_id": "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le"
        },
        "product_reference": "libcurl4-8.14.1-160000.6.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Micro 6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-8.14.1-160000.6.1.s390x as component of SUSE Linux Micro 6.2",
          "product_id": "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x"
        },
        "product_reference": "libcurl4-8.14.1-160000.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Micro 6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl4-8.14.1-160000.6.1.x86_64 as component of SUSE Linux Micro 6.2",
          "product_id": "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64"
        },
        "product_reference": "libcurl4-8.14.1-160000.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-4873",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4873"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability exists where a connection requiring TLS incorrectly reuses an\nexisting unencrypted connection from the same connection pool. If an initial\ntransfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request\nto that same host bypasses the TLS requirement and instead transmit data\nunencrypted.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64",
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le",
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x",
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4873",
          "url": "https://www.suse.com/security/cve/CVE-2026-4873"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262631 for CVE-2026-4873",
          "url": "https://bugzilla.suse.com/1262631"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-06-17T08:57:16Z",
          "details": "low"
        }
      ],
      "title": "CVE-2026-4873"
    },
    {
      "cve": "CVE-2026-5545",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-5545"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libcurl might in some circumstances reuse the wrong connection when asked to\ndo an authenticated HTTP(S) request after a Negotiate-authenticated one, when\nboth use the same host.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials.\n\nAn application that first uses Negotiate authentication to a server with\n`user1:password1` and then does another operation to the same server asking\nfor any authentication method but for `user2:password2` (while the previous\nconnection is still alive) - the second request gets confused and wrongly\nreuses the same connection and sends the new request over that connection\nthinking it uses a mix of user1\u0027s and user2\u0027s credentials when it is in fact\nstill using the connection authenticated for user1...",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64",
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le",
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x",
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-5545",
          "url": "https://www.suse.com/security/cve/CVE-2026-5545"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262632 for CVE-2026-5545",
          "url": "https://bugzilla.suse.com/1262632"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1268407 for CVE-2026-5545",
          "url": "https://bugzilla.suse.com/1268407"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-06-17T08:57:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-5545"
    },
    {
      "cve": "CVE-2026-6253",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6253"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "curl might erroneously pass on credentials for a first proxy to a second\nproxy.\n\nThis can happen when the following conditions are true:\n\n1. curl is setup to use specific different proxies for different URL schemes\n2. the first proxy needs credentials\n3. the second proxy uses no credentials\n4. while using the first proxy (using say `http://`), curl is asked to follow\n   a redirect to a URL using another scheme (say `https://`), accessed using a\n   second, different, proxy",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64",
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le",
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x",
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6253",
          "url": "https://www.suse.com/security/cve/CVE-2026-6253"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262635 for CVE-2026-6253",
          "url": "https://bugzilla.suse.com/1262635"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1268299 for CVE-2026-6253",
          "url": "https://bugzilla.suse.com/1268299"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-06-17T08:57:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-6253"
    },
    {
      "cve": "CVE-2026-6276",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6276"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Using libcurl, when a custom `Host:` header is first set for an HTTP request\nand a second request is subsequently done using the same *easy handle* but\nwithout the custom `Host:` header set, the second request would use stale\ninformation and pass on cookies meant for the first host in the second\nrequest. Leak them.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64",
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le",
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x",
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6276",
          "url": "https://www.suse.com/security/cve/CVE-2026-6276"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262636 for CVE-2026-6276",
          "url": "https://bugzilla.suse.com/1262636"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-06-17T08:57:16Z",
          "details": "low"
        }
      ],
      "title": "CVE-2026-6276"
    },
    {
      "cve": "CVE-2026-6429",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-6429"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, libcurl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64",
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le",
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x",
          "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x",
          "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-6429",
          "url": "https://www.suse.com/security/cve/CVE-2026-6429"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1262638 for CVE-2026-6429",
          "url": "https://bugzilla.suse.com/1262638"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:curl-8.14.1-160000.6.1.x86_64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.aarch64",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.ppc64le",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.s390x",
            "SUSE Linux Micro 6.2:libcurl4-8.14.1-160000.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-06-17T08:57:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-6429"
    }
  ]
}

CVE-2026-4873 (GCVE-0-2026-4873)

Vulnerability from cvelistv5 – Published: 2026-05-13 08:27 – Updated: 2026-05-13 19:30

Title

connection reuse ignores TLS requirement

Summary

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request to that same host bypasses the TLS requirement and instead transmit data unencrypted.

Severity

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-319 Cleartext Transmission of Sensitive Information
CWE-319 - Cleartext Transmission of Sensitive Information

Assigner

curl

References

4 references

URL	Tags
https://curl.se/docs/CVE-2026-4873.json
https://curl.se/docs/CVE-2026-4873.html
https://hackerone.com/reports/3621851
http://www.openwall.com/lists/oss-security/2026/04/29/7

Impacted products

1 product

Vendor	Product	Version
curl	curl	Affected: 8.19.0 , ≤ 8.19.0 (semver) Affected: 8.18.0 , ≤ 8.18.0 (semver) Affected: 8.17.0 , ≤ 8.17.0 (semver) Affected: 8.16.0 , ≤ 8.16.0 (semver) Affected: 8.15.0 , ≤ 8.15.0 (semver) Affected: 8.14.1 , ≤ 8.14.1 (semver) Affected: 8.14.0 , ≤ 8.14.0 (semver) Affected: 8.13.0 , ≤ 8.13.0 (semver) Affected: 8.12.1 , ≤ 8.12.1 (semver) Affected: 8.12.0 , ≤ 8.12.0 (semver) Affected: 8.11.1 , ≤ 8.11.1 (semver) Affected: 8.11.0 , ≤ 8.11.0 (semver) Affected: 8.10.1 , ≤ 8.10.1 (semver) Affected: 8.10.0 , ≤ 8.10.0 (semver) Affected: 8.9.1 , ≤ 8.9.1 (semver) Affected: 8.9.0 , ≤ 8.9.0 (semver) Affected: 8.8.0 , ≤ 8.8.0 (semver) Affected: 8.7.1 , ≤ 8.7.1 (semver) Affected: 8.7.0 , ≤ 8.7.0 (semver) Affected: 8.6.0 , ≤ 8.6.0 (semver) Affected: 8.5.0 , ≤ 8.5.0 (semver) Affected: 8.4.0 , ≤ 8.4.0 (semver) Affected: 8.3.0 , ≤ 8.3.0 (semver) Affected: 8.2.1 , ≤ 8.2.1 (semver) Affected: 8.2.0 , ≤ 8.2.0 (semver) Affected: 8.1.2 , ≤ 8.1.2 (semver) Affected: 8.1.1 , ≤ 8.1.1 (semver) Affected: 8.1.0 , ≤ 8.1.0 (semver) Affected: 8.0.1 , ≤ 8.0.1 (semver) Affected: 8.0.0 , ≤ 8.0.0 (semver) Affected: 7.88.1 , ≤ 7.88.1 (semver) Affected: 7.88.0 , ≤ 7.88.0 (semver) Affected: 7.87.0 , ≤ 7.87.0 (semver) Affected: 7.86.0 , ≤ 7.86.0 (semver) Affected: 7.85.0 , ≤ 7.85.0 (semver) Affected: 7.84.0 , ≤ 7.84.0 (semver) Affected: 7.83.1 , ≤ 7.83.1 (semver) Affected: 7.83.0 , ≤ 7.83.0 (semver) Affected: 7.82.0 , ≤ 7.82.0 (semver) Affected: 7.81.0 , ≤ 7.81.0 (semver) Affected: 7.80.0 , ≤ 7.80.0 (semver) Affected: 7.79.1 , ≤ 7.79.1 (semver) Affected: 7.79.0 , ≤ 7.79.0 (semver) Affected: 7.78.0 , ≤ 7.78.0 (semver) Affected: 7.77.0 , ≤ 7.77.0 (semver) Affected: 7.76.1 , ≤ 7.76.1 (semver) Affected: 7.76.0 , ≤ 7.76.0 (semver) Affected: 7.75.0 , ≤ 7.75.0 (semver) Affected: 7.74.0 , ≤ 7.74.0 (semver) Affected: 7.73.0 , ≤ 7.73.0 (semver) Affected: 7.72.0 , ≤ 7.72.0 (semver) Affected: 7.71.1 , ≤ 7.71.1 (semver) Affected: 7.71.0 , ≤ 7.71.0 (semver) Affected: 7.70.0 , ≤ 7.70.0 (semver) Affected: 7.69.1 , ≤ 7.69.1 (semver) Affected: 7.69.0 , ≤ 7.69.0 (semver) Affected: 7.68.0 , ≤ 7.68.0 (semver) Affected: 7.67.0 , ≤ 7.67.0 (semver) Affected: 7.66.0 , ≤ 7.66.0 (semver) Affected: 7.65.3 , ≤ 7.65.3 (semver) Affected: 7.65.2 , ≤ 7.65.2 (semver) Affected: 7.65.1 , ≤ 7.65.1 (semver) Affected: 7.65.0 , ≤ 7.65.0 (semver) Affected: 7.64.1 , ≤ 7.64.1 (semver) Affected: 7.64.0 , ≤ 7.64.0 (semver) Affected: 7.63.0 , ≤ 7.63.0 (semver) Affected: 7.62.0 , ≤ 7.62.0 (semver) Affected: 7.61.1 , ≤ 7.61.1 (semver) Affected: 7.61.0 , ≤ 7.61.0 (semver) Affected: 7.60.0 , ≤ 7.60.0 (semver) Affected: 7.59.0 , ≤ 7.59.0 (semver) Affected: 7.58.0 , ≤ 7.58.0 (semver) Affected: 7.57.0 , ≤ 7.57.0 (semver) Affected: 7.56.1 , ≤ 7.56.1 (semver) Affected: 7.56.0 , ≤ 7.56.0 (semver) Affected: 7.55.1 , ≤ 7.55.1 (semver) Affected: 7.55.0 , ≤ 7.55.0 (semver) Affected: 7.54.1 , ≤ 7.54.1 (semver) Affected: 7.54.0 , ≤ 7.54.0 (semver) Affected: 7.53.1 , ≤ 7.53.1 (semver) Affected: 7.53.0 , ≤ 7.53.0 (semver) Affected: 7.52.1 , ≤ 7.52.1 (semver) Affected: 7.52.0 , ≤ 7.52.0 (semver) Affected: 7.51.0 , ≤ 7.51.0 (semver) Affected: 7.50.3 , ≤ 7.50.3 (semver) Affected: 7.50.2 , ≤ 7.50.2 (semver) Affected: 7.50.1 , ≤ 7.50.1 (semver) Affected: 7.50.0 , ≤ 7.50.0 (semver) Affected: 7.49.1 , ≤ 7.49.1 (semver) Affected: 7.49.0 , ≤ 7.49.0 (semver) Affected: 7.48.0 , ≤ 7.48.0 (semver) Affected: 7.47.1 , ≤ 7.47.1 (semver) Affected: 7.47.0 , ≤ 7.47.0 (semver) Affected: 7.46.0 , ≤ 7.46.0 (semver) Affected: 7.45.0 , ≤ 7.45.0 (semver) Affected: 7.44.0 , ≤ 7.44.0 (semver) Affected: 7.43.0 , ≤ 7.43.0 (semver) Affected: 7.42.1 , ≤ 7.42.1 (semver) Affected: 7.42.0 , ≤ 7.42.0 (semver) Affected: 7.41.0 , ≤ 7.41.0 (semver) Affected: 7.40.0 , ≤ 7.40.0 (semver) Affected: 7.39.0 , ≤ 7.39.0 (semver) Affected: 7.38.0 , ≤ 7.38.0 (semver) Affected: 7.37.1 , ≤ 7.37.1 (semver) Affected: 7.37.0 , ≤ 7.37.0 (semver) Affected: 7.36.0 , ≤ 7.36.0 (semver) Affected: 7.35.0 , ≤ 7.35.0 (semver) Affected: 7.34.0 , ≤ 7.34.0 (semver) Affected: 7.33.0 , ≤ 7.33.0 (semver) Affected: 7.32.0 , ≤ 7.32.0 (semver) Affected: 7.31.0 , ≤ 7.31.0 (semver) Affected: 7.30.0 , ≤ 7.30.0 (semver) Affected: 7.29.0 , ≤ 7.29.0 (semver) Affected: 7.28.1 , ≤ 7.28.1 (semver) Affected: 7.28.0 , ≤ 7.28.0 (semver) Affected: 7.27.0 , ≤ 7.27.0 (semver) Affected: 7.26.0 , ≤ 7.26.0 (semver) Affected: 7.25.0 , ≤ 7.25.0 (semver) Affected: 7.24.0 , ≤ 7.24.0 (semver) Affected: 7.23.1 , ≤ 7.23.1 (semver) Affected: 7.23.0 , ≤ 7.23.0 (semver) Affected: 7.22.0 , ≤ 7.22.0 (semver) Affected: 7.21.7 , ≤ 7.21.7 (semver) Affected: 7.21.6 , ≤ 7.21.6 (semver) Affected: 7.21.5 , ≤ 7.21.5 (semver) Affected: 7.21.4 , ≤ 7.21.4 (semver) Affected: 7.21.3 , ≤ 7.21.3 (semver) Affected: 7.21.2 , ≤ 7.21.2 (semver) Affected: 7.21.1 , ≤ 7.21.1 (semver) Affected: 7.21.0 , ≤ 7.21.0 (semver) Affected: 7.20.1 , ≤ 7.20.1 (semver) Affected: 7.20.0 , ≤ 7.20.0 (semver)

Credits

Arkadi Vainbrand Daniel Stenberg

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-13T09:05:12.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/29/7"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4873",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T19:29:14.521822Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-319",
                "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T19:30:04.825Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "curl",
          "vendor": "curl",
          "versions": [
            {
              "lessThanOrEqual": "8.19.0",
              "status": "affected",
              "version": "8.19.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.18.0",
              "status": "affected",
              "version": "8.18.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.17.0",
              "status": "affected",
              "version": "8.17.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.16.0",
              "status": "affected",
              "version": "8.16.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.15.0",
              "status": "affected",
              "version": "8.15.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.14.1",
              "status": "affected",
              "version": "8.14.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.14.0",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.13.0",
              "status": "affected",
              "version": "8.13.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.12.1",
              "status": "affected",
              "version": "8.12.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.12.0",
              "status": "affected",
              "version": "8.12.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.11.1",
              "status": "affected",
              "version": "8.11.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.11.0",
              "status": "affected",
              "version": "8.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.10.1",
              "status": "affected",
              "version": "8.10.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.10.0",
              "status": "affected",
              "version": "8.10.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.9.1",
              "status": "affected",
              "version": "8.9.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.9.0",
              "status": "affected",
              "version": "8.9.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.8.0",
              "status": "affected",
              "version": "8.8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.7.1",
              "status": "affected",
              "version": "8.7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.7.0",
              "status": "affected",
              "version": "8.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.6.0",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.0",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.0",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.3.0",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2.1",
              "status": "affected",
              "version": "8.2.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2.0",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.2",
              "status": "affected",
              "version": "8.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.1",
              "status": "affected",
              "version": "8.1.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.0",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.1",
              "status": "affected",
              "version": "8.0.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.0",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.88.1",
              "status": "affected",
              "version": "7.88.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.88.0",
              "status": "affected",
              "version": "7.88.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.87.0",
              "status": "affected",
              "version": "7.87.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.86.0",
              "status": "affected",
              "version": "7.86.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.85.0",
              "status": "affected",
              "version": "7.85.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.84.0",
              "status": "affected",
              "version": "7.84.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.83.1",
              "status": "affected",
              "version": "7.83.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.83.0",
              "status": "affected",
              "version": "7.83.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.82.0",
              "status": "affected",
              "version": "7.82.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.81.0",
              "status": "affected",
              "version": "7.81.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.80.0",
              "status": "affected",
              "version": "7.80.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.79.1",
              "status": "affected",
              "version": "7.79.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.79.0",
              "status": "affected",
              "version": "7.79.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.78.0",
              "status": "affected",
              "version": "7.78.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.77.0",
              "status": "affected",
              "version": "7.77.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.76.1",
              "status": "affected",
              "version": "7.76.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.76.0",
              "status": "affected",
              "version": "7.76.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.75.0",
              "status": "affected",
              "version": "7.75.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.74.0",
              "status": "affected",
              "version": "7.74.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.73.0",
              "status": "affected",
              "version": "7.73.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.72.0",
              "status": "affected",
              "version": "7.72.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.71.1",
              "status": "affected",
              "version": "7.71.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.71.0",
              "status": "affected",
              "version": "7.71.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.70.0",
              "status": "affected",
              "version": "7.70.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.69.1",
              "status": "affected",
              "version": "7.69.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.69.0",
              "status": "affected",
              "version": "7.69.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.68.0",
              "status": "affected",
              "version": "7.68.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.67.0",
              "status": "affected",
              "version": "7.67.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.66.0",
              "status": "affected",
              "version": "7.66.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.3",
              "status": "affected",
              "version": "7.65.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.2",
              "status": "affected",
              "version": "7.65.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.1",
              "status": "affected",
              "version": "7.65.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.0",
              "status": "affected",
              "version": "7.65.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.64.1",
              "status": "affected",
              "version": "7.64.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.64.0",
              "status": "affected",
              "version": "7.64.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.63.0",
              "status": "affected",
              "version": "7.63.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.62.0",
              "status": "affected",
              "version": "7.62.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.61.1",
              "status": "affected",
              "version": "7.61.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.61.0",
              "status": "affected",
              "version": "7.61.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.60.0",
              "status": "affected",
              "version": "7.60.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.59.0",
              "status": "affected",
              "version": "7.59.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.58.0",
              "status": "affected",
              "version": "7.58.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.57.0",
              "status": "affected",
              "version": "7.57.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.56.1",
              "status": "affected",
              "version": "7.56.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.56.0",
              "status": "affected",
              "version": "7.56.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.55.1",
              "status": "affected",
              "version": "7.55.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.55.0",
              "status": "affected",
              "version": "7.55.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.54.1",
              "status": "affected",
              "version": "7.54.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.54.0",
              "status": "affected",
              "version": "7.54.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.53.1",
              "status": "affected",
              "version": "7.53.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.53.0",
              "status": "affected",
              "version": "7.53.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.52.1",
              "status": "affected",
              "version": "7.52.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.52.0",
              "status": "affected",
              "version": "7.52.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.51.0",
              "status": "affected",
              "version": "7.51.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.3",
              "status": "affected",
              "version": "7.50.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.2",
              "status": "affected",
              "version": "7.50.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.1",
              "status": "affected",
              "version": "7.50.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.0",
              "status": "affected",
              "version": "7.50.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.49.1",
              "status": "affected",
              "version": "7.49.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.49.0",
              "status": "affected",
              "version": "7.49.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.48.0",
              "status": "affected",
              "version": "7.48.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.47.1",
              "status": "affected",
              "version": "7.47.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.47.0",
              "status": "affected",
              "version": "7.47.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.46.0",
              "status": "affected",
              "version": "7.46.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.45.0",
              "status": "affected",
              "version": "7.45.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.44.0",
              "status": "affected",
              "version": "7.44.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.43.0",
              "status": "affected",
              "version": "7.43.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.42.1",
              "status": "affected",
              "version": "7.42.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.42.0",
              "status": "affected",
              "version": "7.42.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.41.0",
              "status": "affected",
              "version": "7.41.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.40.0",
              "status": "affected",
              "version": "7.40.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.39.0",
              "status": "affected",
              "version": "7.39.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.38.0",
              "status": "affected",
              "version": "7.38.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.37.1",
              "status": "affected",
              "version": "7.37.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.37.0",
              "status": "affected",
              "version": "7.37.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.36.0",
              "status": "affected",
              "version": "7.36.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.35.0",
              "status": "affected",
              "version": "7.35.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.34.0",
              "status": "affected",
              "version": "7.34.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.33.0",
              "status": "affected",
              "version": "7.33.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.32.0",
              "status": "affected",
              "version": "7.32.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.31.0",
              "status": "affected",
              "version": "7.31.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.30.0",
              "status": "affected",
              "version": "7.30.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.29.0",
              "status": "affected",
              "version": "7.29.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.28.1",
              "status": "affected",
              "version": "7.28.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.28.0",
              "status": "affected",
              "version": "7.28.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.27.0",
              "status": "affected",
              "version": "7.27.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.26.0",
              "status": "affected",
              "version": "7.26.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.25.0",
              "status": "affected",
              "version": "7.25.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.24.0",
              "status": "affected",
              "version": "7.24.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.23.1",
              "status": "affected",
              "version": "7.23.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.23.0",
              "status": "affected",
              "version": "7.23.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.22.0",
              "status": "affected",
              "version": "7.22.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.7",
              "status": "affected",
              "version": "7.21.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.6",
              "status": "affected",
              "version": "7.21.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.5",
              "status": "affected",
              "version": "7.21.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.4",
              "status": "affected",
              "version": "7.21.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.3",
              "status": "affected",
              "version": "7.21.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.2",
              "status": "affected",
              "version": "7.21.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.1",
              "status": "affected",
              "version": "7.21.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.0",
              "status": "affected",
              "version": "7.21.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.20.1",
              "status": "affected",
              "version": "7.20.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.20.0",
              "status": "affected",
              "version": "7.20.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Arkadi Vainbrand"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Daniel Stenberg"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability exists where a connection requiring TLS incorrectly reuses an\nexisting unencrypted connection from the same connection pool. If an initial\ntransfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request\nto that same host bypasses the TLS requirement and instead transmit data\nunencrypted."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-319 Cleartext Transmission of Sensitive Information",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T08:27:04.538Z",
        "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "shortName": "curl"
      },
      "references": [
        {
          "name": "json",
          "url": "https://curl.se/docs/CVE-2026-4873.json"
        },
        {
          "name": "www",
          "url": "https://curl.se/docs/CVE-2026-4873.html"
        },
        {
          "name": "issue",
          "url": "https://hackerone.com/reports/3621851"
        }
      ],
      "title": "connection reuse ignores TLS requirement"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
    "assignerShortName": "curl",
    "cveId": "CVE-2026-4873",
    "datePublished": "2026-05-13T08:27:04.538Z",
    "dateReserved": "2026-03-26T05:38:02.098Z",
    "dateUpdated": "2026-05-13T19:30:04.825Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5545 (GCVE-0-2026-5545)

Vulnerability from cvelistv5 – Published: 2026-05-13 08:27 – Updated: 2026-05-13 17:46

Title

wrong reuse of HTTP Negotiate connection

Summary

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. An application that first uses Negotiate authentication to a server with `user1:password1` and then does another operation to the same server asking for any authentication method but for `user2:password2` (while the previous connection is still alive) - the second request gets confused and wrongly reuses the same connection and sends the new request over that connection thinking it uses a mix of user1's and user2's credentials when it is in fact still using the connection authenticated for user1...

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-305 Authentication Bypass by Primary Weakness

Assigner

curl

References

3 references

URL	Tags
https://curl.se/docs/CVE-2026-5545.json
https://curl.se/docs/CVE-2026-5545.html
https://hackerone.com/reports/3642555

Impacted products

1 product

Vendor	Product	Version
curl	curl	Affected: 8.19.0 , ≤ 8.19.0 (semver) Affected: 8.18.0 , ≤ 8.18.0 (semver) Affected: 8.17.0 , ≤ 8.17.0 (semver) Affected: 8.16.0 , ≤ 8.16.0 (semver) Affected: 8.15.0 , ≤ 8.15.0 (semver) Affected: 8.14.1 , ≤ 8.14.1 (semver) Affected: 8.14.0 , ≤ 8.14.0 (semver) Affected: 8.13.0 , ≤ 8.13.0 (semver) Affected: 8.12.1 , ≤ 8.12.1 (semver) Affected: 8.12.0 , ≤ 8.12.0 (semver) Affected: 8.11.1 , ≤ 8.11.1 (semver) Affected: 8.11.0 , ≤ 8.11.0 (semver) Affected: 8.10.1 , ≤ 8.10.1 (semver) Affected: 8.10.0 , ≤ 8.10.0 (semver) Affected: 8.9.1 , ≤ 8.9.1 (semver) Affected: 8.9.0 , ≤ 8.9.0 (semver) Affected: 8.8.0 , ≤ 8.8.0 (semver) Affected: 8.7.1 , ≤ 8.7.1 (semver) Affected: 8.7.0 , ≤ 8.7.0 (semver) Affected: 8.6.0 , ≤ 8.6.0 (semver) Affected: 8.5.0 , ≤ 8.5.0 (semver) Affected: 8.4.0 , ≤ 8.4.0 (semver) Affected: 8.3.0 , ≤ 8.3.0 (semver) Affected: 8.2.1 , ≤ 8.2.1 (semver) Affected: 8.2.0 , ≤ 8.2.0 (semver) Affected: 8.1.2 , ≤ 8.1.2 (semver) Affected: 8.1.1 , ≤ 8.1.1 (semver) Affected: 8.1.0 , ≤ 8.1.0 (semver) Affected: 8.0.1 , ≤ 8.0.1 (semver) Affected: 8.0.0 , ≤ 8.0.0 (semver) Affected: 7.88.1 , ≤ 7.88.1 (semver) Affected: 7.88.0 , ≤ 7.88.0 (semver) Affected: 7.87.0 , ≤ 7.87.0 (semver) Affected: 7.86.0 , ≤ 7.86.0 (semver) Affected: 7.85.0 , ≤ 7.85.0 (semver) Affected: 7.84.0 , ≤ 7.84.0 (semver) Affected: 7.83.1 , ≤ 7.83.1 (semver) Affected: 7.83.0 , ≤ 7.83.0 (semver) Affected: 7.82.0 , ≤ 7.82.0 (semver) Affected: 7.81.0 , ≤ 7.81.0 (semver) Affected: 7.80.0 , ≤ 7.80.0 (semver) Affected: 7.79.1 , ≤ 7.79.1 (semver) Affected: 7.79.0 , ≤ 7.79.0 (semver) Affected: 7.78.0 , ≤ 7.78.0 (semver) Affected: 7.77.0 , ≤ 7.77.0 (semver) Affected: 7.76.1 , ≤ 7.76.1 (semver) Affected: 7.76.0 , ≤ 7.76.0 (semver) Affected: 7.75.0 , ≤ 7.75.0 (semver) Affected: 7.74.0 , ≤ 7.74.0 (semver) Affected: 7.73.0 , ≤ 7.73.0 (semver) Affected: 7.72.0 , ≤ 7.72.0 (semver) Affected: 7.71.1 , ≤ 7.71.1 (semver) Affected: 7.71.0 , ≤ 7.71.0 (semver) Affected: 7.70.0 , ≤ 7.70.0 (semver) Affected: 7.69.1 , ≤ 7.69.1 (semver) Affected: 7.69.0 , ≤ 7.69.0 (semver) Affected: 7.68.0 , ≤ 7.68.0 (semver) Affected: 7.67.0 , ≤ 7.67.0 (semver) Affected: 7.66.0 , ≤ 7.66.0 (semver) Affected: 7.65.3 , ≤ 7.65.3 (semver) Affected: 7.65.2 , ≤ 7.65.2 (semver) Affected: 7.65.1 , ≤ 7.65.1 (semver) Affected: 7.65.0 , ≤ 7.65.0 (semver) Affected: 7.64.1 , ≤ 7.64.1 (semver) Affected: 7.64.0 , ≤ 7.64.0 (semver) Affected: 7.63.0 , ≤ 7.63.0 (semver) Affected: 7.62.0 , ≤ 7.62.0 (semver) Affected: 7.61.1 , ≤ 7.61.1 (semver) Affected: 7.61.0 , ≤ 7.61.0 (semver) Affected: 7.60.0 , ≤ 7.60.0 (semver) Affected: 7.59.0 , ≤ 7.59.0 (semver) Affected: 7.58.0 , ≤ 7.58.0 (semver) Affected: 7.57.0 , ≤ 7.57.0 (semver) Affected: 7.56.1 , ≤ 7.56.1 (semver) Affected: 7.56.0 , ≤ 7.56.0 (semver) Affected: 7.55.1 , ≤ 7.55.1 (semver) Affected: 7.55.0 , ≤ 7.55.0 (semver) Affected: 7.54.1 , ≤ 7.54.1 (semver) Affected: 7.54.0 , ≤ 7.54.0 (semver) Affected: 7.53.1 , ≤ 7.53.1 (semver) Affected: 7.53.0 , ≤ 7.53.0 (semver) Affected: 7.52.1 , ≤ 7.52.1 (semver) Affected: 7.52.0 , ≤ 7.52.0 (semver) Affected: 7.51.0 , ≤ 7.51.0 (semver) Affected: 7.50.3 , ≤ 7.50.3 (semver) Affected: 7.50.2 , ≤ 7.50.2 (semver) Affected: 7.50.1 , ≤ 7.50.1 (semver) Affected: 7.50.0 , ≤ 7.50.0 (semver) Affected: 7.49.1 , ≤ 7.49.1 (semver) Affected: 7.49.0 , ≤ 7.49.0 (semver) Affected: 7.48.0 , ≤ 7.48.0 (semver) Affected: 7.47.1 , ≤ 7.47.1 (semver) Affected: 7.47.0 , ≤ 7.47.0 (semver) Affected: 7.46.0 , ≤ 7.46.0 (semver) Affected: 7.45.0 , ≤ 7.45.0 (semver) Affected: 7.44.0 , ≤ 7.44.0 (semver) Affected: 7.43.0 , ≤ 7.43.0 (semver) Affected: 7.42.1 , ≤ 7.42.1 (semver) Affected: 7.42.0 , ≤ 7.42.0 (semver) Affected: 7.41.0 , ≤ 7.41.0 (semver) Affected: 7.40.0 , ≤ 7.40.0 (semver) Affected: 7.39.0 , ≤ 7.39.0 (semver) Affected: 7.38.0 , ≤ 7.38.0 (semver) Affected: 7.37.1 , ≤ 7.37.1 (semver) Affected: 7.37.0 , ≤ 7.37.0 (semver) Affected: 7.36.0 , ≤ 7.36.0 (semver) Affected: 7.35.0 , ≤ 7.35.0 (semver) Affected: 7.34.0 , ≤ 7.34.0 (semver) Affected: 7.33.0 , ≤ 7.33.0 (semver) Affected: 7.32.0 , ≤ 7.32.0 (semver) Affected: 7.31.0 , ≤ 7.31.0 (semver) Affected: 7.30.0 , ≤ 7.30.0 (semver) Affected: 7.29.0 , ≤ 7.29.0 (semver) Affected: 7.28.1 , ≤ 7.28.1 (semver) Affected: 7.28.0 , ≤ 7.28.0 (semver) Affected: 7.27.0 , ≤ 7.27.0 (semver) Affected: 7.26.0 , ≤ 7.26.0 (semver) Affected: 7.25.0 , ≤ 7.25.0 (semver) Affected: 7.24.0 , ≤ 7.24.0 (semver) Affected: 7.23.1 , ≤ 7.23.1 (semver) Affected: 7.23.0 , ≤ 7.23.0 (semver) Affected: 7.22.0 , ≤ 7.22.0 (semver) Affected: 7.21.7 , ≤ 7.21.7 (semver) Affected: 7.21.6 , ≤ 7.21.6 (semver) Affected: 7.21.5 , ≤ 7.21.5 (semver) Affected: 7.21.4 , ≤ 7.21.4 (semver) Affected: 7.21.3 , ≤ 7.21.3 (semver) Affected: 7.21.2 , ≤ 7.21.2 (semver) Affected: 7.21.1 , ≤ 7.21.1 (semver) Affected: 7.21.0 , ≤ 7.21.0 (semver) Affected: 7.20.1 , ≤ 7.20.1 (semver) Affected: 7.20.0 , ≤ 7.20.0 (semver) Affected: 7.19.7 , ≤ 7.19.7 (semver) Affected: 7.19.6 , ≤ 7.19.6 (semver) Affected: 7.19.5 , ≤ 7.19.5 (semver) Affected: 7.19.4 , ≤ 7.19.4 (semver) Affected: 7.19.3 , ≤ 7.19.3 (semver) Affected: 7.19.2 , ≤ 7.19.2 (semver) Affected: 7.19.1 , ≤ 7.19.1 (semver) Affected: 7.19.0 , ≤ 7.19.0 (semver) Affected: 7.18.2 , ≤ 7.18.2 (semver) Affected: 7.18.1 , ≤ 7.18.1 (semver) Affected: 7.18.0 , ≤ 7.18.0 (semver) Affected: 7.17.1 , ≤ 7.17.1 (semver) Affected: 7.17.0 , ≤ 7.17.0 (semver) Affected: 7.16.4 , ≤ 7.16.4 (semver) Affected: 7.16.3 , ≤ 7.16.3 (semver) Affected: 7.16.2 , ≤ 7.16.2 (semver) Affected: 7.16.1 , ≤ 7.16.1 (semver) Affected: 7.16.0 , ≤ 7.16.0 (semver) Affected: 7.15.5 , ≤ 7.15.5 (semver) Affected: 7.15.4 , ≤ 7.15.4 (semver) Affected: 7.15.3 , ≤ 7.15.3 (semver) Affected: 7.15.2 , ≤ 7.15.2 (semver) Affected: 7.15.1 , ≤ 7.15.1 (semver) Affected: 7.15.0 , ≤ 7.15.0 (semver) Affected: 7.14.1 , ≤ 7.14.1 (semver) Affected: 7.14.0 , ≤ 7.14.0 (semver) Affected: 7.13.2 , ≤ 7.13.2 (semver) Affected: 7.13.1 , ≤ 7.13.1 (semver) Affected: 7.13.0 , ≤ 7.13.0 (semver) Affected: 7.12.3 , ≤ 7.12.3 (semver) Affected: 7.12.2 , ≤ 7.12.2 (semver) Affected: 7.12.1 , ≤ 7.12.1 (semver) Affected: 7.12.0 , ≤ 7.12.0 (semver) Affected: 7.11.2 , ≤ 7.11.2 (semver) Affected: 7.11.1 , ≤ 7.11.1 (semver) Affected: 7.11.0 , ≤ 7.11.0 (semver) Affected: 7.10.8 , ≤ 7.10.8 (semver) Affected: 7.10.7 , ≤ 7.10.7 (semver) Affected: 7.10.6 , ≤ 7.10.6 (semver)

Credits

Quac Tran and Ngoc Hieu Stefan Eissing

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-5545",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T17:46:36.115262Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T17:46:40.830Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://hackerone.com/reports/3642555"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "curl",
          "vendor": "curl",
          "versions": [
            {
              "lessThanOrEqual": "8.19.0",
              "status": "affected",
              "version": "8.19.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.18.0",
              "status": "affected",
              "version": "8.18.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.17.0",
              "status": "affected",
              "version": "8.17.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.16.0",
              "status": "affected",
              "version": "8.16.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.15.0",
              "status": "affected",
              "version": "8.15.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.14.1",
              "status": "affected",
              "version": "8.14.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.14.0",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.13.0",
              "status": "affected",
              "version": "8.13.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.12.1",
              "status": "affected",
              "version": "8.12.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.12.0",
              "status": "affected",
              "version": "8.12.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.11.1",
              "status": "affected",
              "version": "8.11.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.11.0",
              "status": "affected",
              "version": "8.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.10.1",
              "status": "affected",
              "version": "8.10.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.10.0",
              "status": "affected",
              "version": "8.10.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.9.1",
              "status": "affected",
              "version": "8.9.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.9.0",
              "status": "affected",
              "version": "8.9.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.8.0",
              "status": "affected",
              "version": "8.8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.7.1",
              "status": "affected",
              "version": "8.7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.7.0",
              "status": "affected",
              "version": "8.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.6.0",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.0",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.0",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.3.0",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2.1",
              "status": "affected",
              "version": "8.2.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2.0",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.2",
              "status": "affected",
              "version": "8.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.1",
              "status": "affected",
              "version": "8.1.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.0",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.1",
              "status": "affected",
              "version": "8.0.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.0",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.88.1",
              "status": "affected",
              "version": "7.88.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.88.0",
              "status": "affected",
              "version": "7.88.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.87.0",
              "status": "affected",
              "version": "7.87.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.86.0",
              "status": "affected",
              "version": "7.86.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.85.0",
              "status": "affected",
              "version": "7.85.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.84.0",
              "status": "affected",
              "version": "7.84.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.83.1",
              "status": "affected",
              "version": "7.83.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.83.0",
              "status": "affected",
              "version": "7.83.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.82.0",
              "status": "affected",
              "version": "7.82.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.81.0",
              "status": "affected",
              "version": "7.81.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.80.0",
              "status": "affected",
              "version": "7.80.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.79.1",
              "status": "affected",
              "version": "7.79.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.79.0",
              "status": "affected",
              "version": "7.79.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.78.0",
              "status": "affected",
              "version": "7.78.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.77.0",
              "status": "affected",
              "version": "7.77.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.76.1",
              "status": "affected",
              "version": "7.76.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.76.0",
              "status": "affected",
              "version": "7.76.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.75.0",
              "status": "affected",
              "version": "7.75.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.74.0",
              "status": "affected",
              "version": "7.74.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.73.0",
              "status": "affected",
              "version": "7.73.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.72.0",
              "status": "affected",
              "version": "7.72.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.71.1",
              "status": "affected",
              "version": "7.71.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.71.0",
              "status": "affected",
              "version": "7.71.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.70.0",
              "status": "affected",
              "version": "7.70.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.69.1",
              "status": "affected",
              "version": "7.69.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.69.0",
              "status": "affected",
              "version": "7.69.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.68.0",
              "status": "affected",
              "version": "7.68.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.67.0",
              "status": "affected",
              "version": "7.67.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.66.0",
              "status": "affected",
              "version": "7.66.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.3",
              "status": "affected",
              "version": "7.65.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.2",
              "status": "affected",
              "version": "7.65.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.1",
              "status": "affected",
              "version": "7.65.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.0",
              "status": "affected",
              "version": "7.65.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.64.1",
              "status": "affected",
              "version": "7.64.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.64.0",
              "status": "affected",
              "version": "7.64.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.63.0",
              "status": "affected",
              "version": "7.63.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.62.0",
              "status": "affected",
              "version": "7.62.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.61.1",
              "status": "affected",
              "version": "7.61.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.61.0",
              "status": "affected",
              "version": "7.61.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.60.0",
              "status": "affected",
              "version": "7.60.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.59.0",
              "status": "affected",
              "version": "7.59.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.58.0",
              "status": "affected",
              "version": "7.58.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.57.0",
              "status": "affected",
              "version": "7.57.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.56.1",
              "status": "affected",
              "version": "7.56.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.56.0",
              "status": "affected",
              "version": "7.56.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.55.1",
              "status": "affected",
              "version": "7.55.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.55.0",
              "status": "affected",
              "version": "7.55.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.54.1",
              "status": "affected",
              "version": "7.54.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.54.0",
              "status": "affected",
              "version": "7.54.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.53.1",
              "status": "affected",
              "version": "7.53.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.53.0",
              "status": "affected",
              "version": "7.53.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.52.1",
              "status": "affected",
              "version": "7.52.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.52.0",
              "status": "affected",
              "version": "7.52.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.51.0",
              "status": "affected",
              "version": "7.51.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.3",
              "status": "affected",
              "version": "7.50.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.2",
              "status": "affected",
              "version": "7.50.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.1",
              "status": "affected",
              "version": "7.50.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.0",
              "status": "affected",
              "version": "7.50.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.49.1",
              "status": "affected",
              "version": "7.49.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.49.0",
              "status": "affected",
              "version": "7.49.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.48.0",
              "status": "affected",
              "version": "7.48.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.47.1",
              "status": "affected",
              "version": "7.47.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.47.0",
              "status": "affected",
              "version": "7.47.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.46.0",
              "status": "affected",
              "version": "7.46.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.45.0",
              "status": "affected",
              "version": "7.45.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.44.0",
              "status": "affected",
              "version": "7.44.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.43.0",
              "status": "affected",
              "version": "7.43.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.42.1",
              "status": "affected",
              "version": "7.42.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.42.0",
              "status": "affected",
              "version": "7.42.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.41.0",
              "status": "affected",
              "version": "7.41.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.40.0",
              "status": "affected",
              "version": "7.40.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.39.0",
              "status": "affected",
              "version": "7.39.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.38.0",
              "status": "affected",
              "version": "7.38.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.37.1",
              "status": "affected",
              "version": "7.37.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.37.0",
              "status": "affected",
              "version": "7.37.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.36.0",
              "status": "affected",
              "version": "7.36.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.35.0",
              "status": "affected",
              "version": "7.35.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.34.0",
              "status": "affected",
              "version": "7.34.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.33.0",
              "status": "affected",
              "version": "7.33.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.32.0",
              "status": "affected",
              "version": "7.32.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.31.0",
              "status": "affected",
              "version": "7.31.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.30.0",
              "status": "affected",
              "version": "7.30.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.29.0",
              "status": "affected",
              "version": "7.29.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.28.1",
              "status": "affected",
              "version": "7.28.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.28.0",
              "status": "affected",
              "version": "7.28.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.27.0",
              "status": "affected",
              "version": "7.27.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.26.0",
              "status": "affected",
              "version": "7.26.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.25.0",
              "status": "affected",
              "version": "7.25.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.24.0",
              "status": "affected",
              "version": "7.24.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.23.1",
              "status": "affected",
              "version": "7.23.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.23.0",
              "status": "affected",
              "version": "7.23.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.22.0",
              "status": "affected",
              "version": "7.22.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.7",
              "status": "affected",
              "version": "7.21.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.6",
              "status": "affected",
              "version": "7.21.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.5",
              "status": "affected",
              "version": "7.21.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.4",
              "status": "affected",
              "version": "7.21.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.3",
              "status": "affected",
              "version": "7.21.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.2",
              "status": "affected",
              "version": "7.21.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.1",
              "status": "affected",
              "version": "7.21.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.0",
              "status": "affected",
              "version": "7.21.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.20.1",
              "status": "affected",
              "version": "7.20.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.20.0",
              "status": "affected",
              "version": "7.20.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.7",
              "status": "affected",
              "version": "7.19.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.6",
              "status": "affected",
              "version": "7.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.5",
              "status": "affected",
              "version": "7.19.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.4",
              "status": "affected",
              "version": "7.19.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.3",
              "status": "affected",
              "version": "7.19.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.2",
              "status": "affected",
              "version": "7.19.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.1",
              "status": "affected",
              "version": "7.19.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.0",
              "status": "affected",
              "version": "7.19.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.18.2",
              "status": "affected",
              "version": "7.18.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.18.1",
              "status": "affected",
              "version": "7.18.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.18.0",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.17.1",
              "status": "affected",
              "version": "7.17.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.17.0",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.4",
              "status": "affected",
              "version": "7.16.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.3",
              "status": "affected",
              "version": "7.16.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.2",
              "status": "affected",
              "version": "7.16.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.1",
              "status": "affected",
              "version": "7.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.0",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.5",
              "status": "affected",
              "version": "7.15.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.4",
              "status": "affected",
              "version": "7.15.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.3",
              "status": "affected",
              "version": "7.15.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.2",
              "status": "affected",
              "version": "7.15.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.1",
              "status": "affected",
              "version": "7.15.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.0",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.14.1",
              "status": "affected",
              "version": "7.14.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.14.0",
              "status": "affected",
              "version": "7.14.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.13.2",
              "status": "affected",
              "version": "7.13.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.13.1",
              "status": "affected",
              "version": "7.13.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.13.0",
              "status": "affected",
              "version": "7.13.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.12.3",
              "status": "affected",
              "version": "7.12.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.12.2",
              "status": "affected",
              "version": "7.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.12.1",
              "status": "affected",
              "version": "7.12.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.12.0",
              "status": "affected",
              "version": "7.12.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.11.2",
              "status": "affected",
              "version": "7.11.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.11.1",
              "status": "affected",
              "version": "7.11.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.11.0",
              "status": "affected",
              "version": "7.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.10.8",
              "status": "affected",
              "version": "7.10.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.10.7",
              "status": "affected",
              "version": "7.10.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.10.6",
              "status": "affected",
              "version": "7.10.6",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Quac Tran and Ngoc Hieu"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Stefan Eissing"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libcurl might in some circumstances reuse the wrong connection when asked to\ndo an authenticated HTTP(S) request after a Negotiate-authenticated one, when\nboth use the same host.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials.\n\nAn application that first uses Negotiate authentication to a server with\n`user1:password1` and then does another operation to the same server asking\nfor any authentication method but for `user2:password2` (while the previous\nconnection is still alive) - the second request gets confused and wrongly\nreuses the same connection and sends the new request over that connection\nthinking it uses a mix of user1\u0027s and user2\u0027s credentials when it is in fact\nstill using the connection authenticated for user1..."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T08:27:26.065Z",
        "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "shortName": "curl"
      },
      "references": [
        {
          "name": "json",
          "url": "https://curl.se/docs/CVE-2026-5545.json"
        },
        {
          "name": "www",
          "url": "https://curl.se/docs/CVE-2026-5545.html"
        },
        {
          "name": "issue",
          "url": "https://hackerone.com/reports/3642555"
        }
      ],
      "title": "wrong reuse of HTTP Negotiate connection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
    "assignerShortName": "curl",
    "cveId": "CVE-2026-5545",
    "datePublished": "2026-05-13T08:27:26.065Z",
    "dateReserved": "2026-04-04T12:10:07.125Z",
    "dateUpdated": "2026-05-13T17:46:40.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6253 (GCVE-0-2026-6253)

Vulnerability from cvelistv5 – Published: 2026-05-13 08:28 – Updated: 2026-05-13 17:42

Title

proxy credentials leak over redirect-to proxy

Summary

curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. while using the first proxy (using say `http://`), curl is asked to follow a redirect to a URL using another scheme (say `https://`), accessed using a second, different, proxy

Severity

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-522 Insufficiently Protected Credentials

Assigner

curl

References

4 references

URL	Tags
https://curl.se/docs/CVE-2026-6253.json
https://curl.se/docs/CVE-2026-6253.html
https://hackerone.com/reports/3669637
http://www.openwall.com/lists/oss-security/2026/0…

Impacted products

1 product

Vendor	Product	Version
curl	curl	Affected: 8.19.0 , ≤ 8.19.0 (semver) Affected: 8.18.0 , ≤ 8.18.0 (semver) Affected: 8.17.0 , ≤ 8.17.0 (semver) Affected: 8.16.0 , ≤ 8.16.0 (semver) Affected: 8.15.0 , ≤ 8.15.0 (semver) Affected: 8.14.1 , ≤ 8.14.1 (semver) Affected: 8.14.0 , ≤ 8.14.0 (semver) Affected: 8.13.0 , ≤ 8.13.0 (semver) Affected: 8.12.1 , ≤ 8.12.1 (semver) Affected: 8.12.0 , ≤ 8.12.0 (semver) Affected: 8.11.1 , ≤ 8.11.1 (semver) Affected: 8.11.0 , ≤ 8.11.0 (semver) Affected: 8.10.1 , ≤ 8.10.1 (semver) Affected: 8.10.0 , ≤ 8.10.0 (semver) Affected: 8.9.1 , ≤ 8.9.1 (semver) Affected: 8.9.0 , ≤ 8.9.0 (semver) Affected: 8.8.0 , ≤ 8.8.0 (semver) Affected: 8.7.1 , ≤ 8.7.1 (semver) Affected: 8.7.0 , ≤ 8.7.0 (semver) Affected: 8.6.0 , ≤ 8.6.0 (semver) Affected: 8.5.0 , ≤ 8.5.0 (semver) Affected: 8.4.0 , ≤ 8.4.0 (semver) Affected: 8.3.0 , ≤ 8.3.0 (semver) Affected: 8.2.1 , ≤ 8.2.1 (semver) Affected: 8.2.0 , ≤ 8.2.0 (semver) Affected: 8.1.2 , ≤ 8.1.2 (semver) Affected: 8.1.1 , ≤ 8.1.1 (semver) Affected: 8.1.0 , ≤ 8.1.0 (semver) Affected: 8.0.1 , ≤ 8.0.1 (semver) Affected: 8.0.0 , ≤ 8.0.0 (semver) Affected: 7.88.1 , ≤ 7.88.1 (semver) Affected: 7.88.0 , ≤ 7.88.0 (semver) Affected: 7.87.0 , ≤ 7.87.0 (semver) Affected: 7.86.0 , ≤ 7.86.0 (semver) Affected: 7.85.0 , ≤ 7.85.0 (semver) Affected: 7.84.0 , ≤ 7.84.0 (semver) Affected: 7.83.1 , ≤ 7.83.1 (semver) Affected: 7.83.0 , ≤ 7.83.0 (semver) Affected: 7.82.0 , ≤ 7.82.0 (semver) Affected: 7.81.0 , ≤ 7.81.0 (semver) Affected: 7.80.0 , ≤ 7.80.0 (semver) Affected: 7.79.1 , ≤ 7.79.1 (semver) Affected: 7.79.0 , ≤ 7.79.0 (semver) Affected: 7.78.0 , ≤ 7.78.0 (semver) Affected: 7.77.0 , ≤ 7.77.0 (semver) Affected: 7.76.1 , ≤ 7.76.1 (semver) Affected: 7.76.0 , ≤ 7.76.0 (semver) Affected: 7.75.0 , ≤ 7.75.0 (semver) Affected: 7.74.0 , ≤ 7.74.0 (semver) Affected: 7.73.0 , ≤ 7.73.0 (semver) Affected: 7.72.0 , ≤ 7.72.0 (semver) Affected: 7.71.1 , ≤ 7.71.1 (semver) Affected: 7.71.0 , ≤ 7.71.0 (semver) Affected: 7.70.0 , ≤ 7.70.0 (semver) Affected: 7.69.1 , ≤ 7.69.1 (semver) Affected: 7.69.0 , ≤ 7.69.0 (semver) Affected: 7.68.0 , ≤ 7.68.0 (semver) Affected: 7.67.0 , ≤ 7.67.0 (semver) Affected: 7.66.0 , ≤ 7.66.0 (semver) Affected: 7.65.3 , ≤ 7.65.3 (semver) Affected: 7.65.2 , ≤ 7.65.2 (semver) Affected: 7.65.1 , ≤ 7.65.1 (semver) Affected: 7.65.0 , ≤ 7.65.0 (semver) Affected: 7.64.1 , ≤ 7.64.1 (semver) Affected: 7.64.0 , ≤ 7.64.0 (semver) Affected: 7.63.0 , ≤ 7.63.0 (semver) Affected: 7.62.0 , ≤ 7.62.0 (semver) Affected: 7.61.1 , ≤ 7.61.1 (semver) Affected: 7.61.0 , ≤ 7.61.0 (semver) Affected: 7.60.0 , ≤ 7.60.0 (semver) Affected: 7.59.0 , ≤ 7.59.0 (semver) Affected: 7.58.0 , ≤ 7.58.0 (semver) Affected: 7.57.0 , ≤ 7.57.0 (semver) Affected: 7.56.1 , ≤ 7.56.1 (semver) Affected: 7.56.0 , ≤ 7.56.0 (semver) Affected: 7.55.1 , ≤ 7.55.1 (semver) Affected: 7.55.0 , ≤ 7.55.0 (semver) Affected: 7.54.1 , ≤ 7.54.1 (semver) Affected: 7.54.0 , ≤ 7.54.0 (semver) Affected: 7.53.1 , ≤ 7.53.1 (semver) Affected: 7.53.0 , ≤ 7.53.0 (semver) Affected: 7.52.1 , ≤ 7.52.1 (semver) Affected: 7.52.0 , ≤ 7.52.0 (semver) Affected: 7.51.0 , ≤ 7.51.0 (semver) Affected: 7.50.3 , ≤ 7.50.3 (semver) Affected: 7.50.2 , ≤ 7.50.2 (semver) Affected: 7.50.1 , ≤ 7.50.1 (semver) Affected: 7.50.0 , ≤ 7.50.0 (semver) Affected: 7.49.1 , ≤ 7.49.1 (semver) Affected: 7.49.0 , ≤ 7.49.0 (semver) Affected: 7.48.0 , ≤ 7.48.0 (semver) Affected: 7.47.1 , ≤ 7.47.1 (semver) Affected: 7.47.0 , ≤ 7.47.0 (semver) Affected: 7.46.0 , ≤ 7.46.0 (semver) Affected: 7.45.0 , ≤ 7.45.0 (semver) Affected: 7.44.0 , ≤ 7.44.0 (semver) Affected: 7.43.0 , ≤ 7.43.0 (semver) Affected: 7.42.1 , ≤ 7.42.1 (semver) Affected: 7.42.0 , ≤ 7.42.0 (semver) Affected: 7.41.0 , ≤ 7.41.0 (semver) Affected: 7.40.0 , ≤ 7.40.0 (semver) Affected: 7.39.0 , ≤ 7.39.0 (semver) Affected: 7.38.0 , ≤ 7.38.0 (semver) Affected: 7.37.1 , ≤ 7.37.1 (semver) Affected: 7.37.0 , ≤ 7.37.0 (semver) Affected: 7.36.0 , ≤ 7.36.0 (semver) Affected: 7.35.0 , ≤ 7.35.0 (semver) Affected: 7.34.0 , ≤ 7.34.0 (semver) Affected: 7.33.0 , ≤ 7.33.0 (semver) Affected: 7.32.0 , ≤ 7.32.0 (semver) Affected: 7.31.0 , ≤ 7.31.0 (semver) Affected: 7.30.0 , ≤ 7.30.0 (semver) Affected: 7.29.0 , ≤ 7.29.0 (semver) Affected: 7.28.1 , ≤ 7.28.1 (semver) Affected: 7.28.0 , ≤ 7.28.0 (semver) Affected: 7.27.0 , ≤ 7.27.0 (semver) Affected: 7.26.0 , ≤ 7.26.0 (semver) Affected: 7.25.0 , ≤ 7.25.0 (semver) Affected: 7.24.0 , ≤ 7.24.0 (semver) Affected: 7.23.1 , ≤ 7.23.1 (semver) Affected: 7.23.0 , ≤ 7.23.0 (semver) Affected: 7.22.0 , ≤ 7.22.0 (semver) Affected: 7.21.7 , ≤ 7.21.7 (semver) Affected: 7.21.6 , ≤ 7.21.6 (semver) Affected: 7.21.5 , ≤ 7.21.5 (semver) Affected: 7.21.4 , ≤ 7.21.4 (semver) Affected: 7.21.3 , ≤ 7.21.3 (semver) Affected: 7.21.2 , ≤ 7.21.2 (semver) Affected: 7.21.1 , ≤ 7.21.1 (semver) Affected: 7.21.0 , ≤ 7.21.0 (semver) Affected: 7.20.1 , ≤ 7.20.1 (semver) Affected: 7.20.0 , ≤ 7.20.0 (semver) Affected: 7.19.7 , ≤ 7.19.7 (semver) Affected: 7.19.6 , ≤ 7.19.6 (semver) Affected: 7.19.5 , ≤ 7.19.5 (semver) Affected: 7.19.4 , ≤ 7.19.4 (semver) Affected: 7.19.3 , ≤ 7.19.3 (semver) Affected: 7.19.2 , ≤ 7.19.2 (semver) Affected: 7.19.1 , ≤ 7.19.1 (semver) Affected: 7.19.0 , ≤ 7.19.0 (semver) Affected: 7.18.2 , ≤ 7.18.2 (semver) Affected: 7.18.1 , ≤ 7.18.1 (semver) Affected: 7.18.0 , ≤ 7.18.0 (semver) Affected: 7.17.1 , ≤ 7.17.1 (semver) Affected: 7.17.0 , ≤ 7.17.0 (semver) Affected: 7.16.4 , ≤ 7.16.4 (semver) Affected: 7.16.3 , ≤ 7.16.3 (semver) Affected: 7.16.2 , ≤ 7.16.2 (semver) Affected: 7.16.1 , ≤ 7.16.1 (semver) Affected: 7.16.0 , ≤ 7.16.0 (semver) Affected: 7.15.5 , ≤ 7.15.5 (semver) Affected: 7.15.4 , ≤ 7.15.4 (semver) Affected: 7.15.3 , ≤ 7.15.3 (semver) Affected: 7.15.2 , ≤ 7.15.2 (semver) Affected: 7.15.1 , ≤ 7.15.1 (semver) Affected: 7.15.0 , ≤ 7.15.0 (semver) Affected: 7.14.1 , ≤ 7.14.1 (semver)

Credits

Dwij Mehta (O2 Lab Texas A&M University) Daniel Stenberg

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-13T09:05:31.000Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/29/11"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6253",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T17:42:30.813126Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T17:42:40.102Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://hackerone.com/reports/3669637"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "curl",
          "vendor": "curl",
          "versions": [
            {
              "lessThanOrEqual": "8.19.0",
              "status": "affected",
              "version": "8.19.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.18.0",
              "status": "affected",
              "version": "8.18.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.17.0",
              "status": "affected",
              "version": "8.17.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.16.0",
              "status": "affected",
              "version": "8.16.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.15.0",
              "status": "affected",
              "version": "8.15.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.14.1",
              "status": "affected",
              "version": "8.14.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.14.0",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.13.0",
              "status": "affected",
              "version": "8.13.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.12.1",
              "status": "affected",
              "version": "8.12.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.12.0",
              "status": "affected",
              "version": "8.12.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.11.1",
              "status": "affected",
              "version": "8.11.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.11.0",
              "status": "affected",
              "version": "8.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.10.1",
              "status": "affected",
              "version": "8.10.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.10.0",
              "status": "affected",
              "version": "8.10.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.9.1",
              "status": "affected",
              "version": "8.9.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.9.0",
              "status": "affected",
              "version": "8.9.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.8.0",
              "status": "affected",
              "version": "8.8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.7.1",
              "status": "affected",
              "version": "8.7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.7.0",
              "status": "affected",
              "version": "8.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.6.0",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.0",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.0",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.3.0",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2.1",
              "status": "affected",
              "version": "8.2.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2.0",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.2",
              "status": "affected",
              "version": "8.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.1",
              "status": "affected",
              "version": "8.1.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.0",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.1",
              "status": "affected",
              "version": "8.0.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.0",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.88.1",
              "status": "affected",
              "version": "7.88.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.88.0",
              "status": "affected",
              "version": "7.88.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.87.0",
              "status": "affected",
              "version": "7.87.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.86.0",
              "status": "affected",
              "version": "7.86.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.85.0",
              "status": "affected",
              "version": "7.85.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.84.0",
              "status": "affected",
              "version": "7.84.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.83.1",
              "status": "affected",
              "version": "7.83.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.83.0",
              "status": "affected",
              "version": "7.83.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.82.0",
              "status": "affected",
              "version": "7.82.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.81.0",
              "status": "affected",
              "version": "7.81.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.80.0",
              "status": "affected",
              "version": "7.80.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.79.1",
              "status": "affected",
              "version": "7.79.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.79.0",
              "status": "affected",
              "version": "7.79.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.78.0",
              "status": "affected",
              "version": "7.78.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.77.0",
              "status": "affected",
              "version": "7.77.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.76.1",
              "status": "affected",
              "version": "7.76.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.76.0",
              "status": "affected",
              "version": "7.76.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.75.0",
              "status": "affected",
              "version": "7.75.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.74.0",
              "status": "affected",
              "version": "7.74.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.73.0",
              "status": "affected",
              "version": "7.73.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.72.0",
              "status": "affected",
              "version": "7.72.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.71.1",
              "status": "affected",
              "version": "7.71.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.71.0",
              "status": "affected",
              "version": "7.71.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.70.0",
              "status": "affected",
              "version": "7.70.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.69.1",
              "status": "affected",
              "version": "7.69.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.69.0",
              "status": "affected",
              "version": "7.69.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.68.0",
              "status": "affected",
              "version": "7.68.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.67.0",
              "status": "affected",
              "version": "7.67.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.66.0",
              "status": "affected",
              "version": "7.66.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.3",
              "status": "affected",
              "version": "7.65.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.2",
              "status": "affected",
              "version": "7.65.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.1",
              "status": "affected",
              "version": "7.65.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.0",
              "status": "affected",
              "version": "7.65.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.64.1",
              "status": "affected",
              "version": "7.64.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.64.0",
              "status": "affected",
              "version": "7.64.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.63.0",
              "status": "affected",
              "version": "7.63.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.62.0",
              "status": "affected",
              "version": "7.62.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.61.1",
              "status": "affected",
              "version": "7.61.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.61.0",
              "status": "affected",
              "version": "7.61.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.60.0",
              "status": "affected",
              "version": "7.60.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.59.0",
              "status": "affected",
              "version": "7.59.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.58.0",
              "status": "affected",
              "version": "7.58.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.57.0",
              "status": "affected",
              "version": "7.57.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.56.1",
              "status": "affected",
              "version": "7.56.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.56.0",
              "status": "affected",
              "version": "7.56.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.55.1",
              "status": "affected",
              "version": "7.55.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.55.0",
              "status": "affected",
              "version": "7.55.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.54.1",
              "status": "affected",
              "version": "7.54.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.54.0",
              "status": "affected",
              "version": "7.54.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.53.1",
              "status": "affected",
              "version": "7.53.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.53.0",
              "status": "affected",
              "version": "7.53.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.52.1",
              "status": "affected",
              "version": "7.52.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.52.0",
              "status": "affected",
              "version": "7.52.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.51.0",
              "status": "affected",
              "version": "7.51.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.3",
              "status": "affected",
              "version": "7.50.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.2",
              "status": "affected",
              "version": "7.50.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.1",
              "status": "affected",
              "version": "7.50.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.0",
              "status": "affected",
              "version": "7.50.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.49.1",
              "status": "affected",
              "version": "7.49.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.49.0",
              "status": "affected",
              "version": "7.49.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.48.0",
              "status": "affected",
              "version": "7.48.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.47.1",
              "status": "affected",
              "version": "7.47.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.47.0",
              "status": "affected",
              "version": "7.47.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.46.0",
              "status": "affected",
              "version": "7.46.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.45.0",
              "status": "affected",
              "version": "7.45.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.44.0",
              "status": "affected",
              "version": "7.44.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.43.0",
              "status": "affected",
              "version": "7.43.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.42.1",
              "status": "affected",
              "version": "7.42.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.42.0",
              "status": "affected",
              "version": "7.42.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.41.0",
              "status": "affected",
              "version": "7.41.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.40.0",
              "status": "affected",
              "version": "7.40.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.39.0",
              "status": "affected",
              "version": "7.39.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.38.0",
              "status": "affected",
              "version": "7.38.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.37.1",
              "status": "affected",
              "version": "7.37.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.37.0",
              "status": "affected",
              "version": "7.37.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.36.0",
              "status": "affected",
              "version": "7.36.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.35.0",
              "status": "affected",
              "version": "7.35.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.34.0",
              "status": "affected",
              "version": "7.34.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.33.0",
              "status": "affected",
              "version": "7.33.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.32.0",
              "status": "affected",
              "version": "7.32.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.31.0",
              "status": "affected",
              "version": "7.31.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.30.0",
              "status": "affected",
              "version": "7.30.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.29.0",
              "status": "affected",
              "version": "7.29.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.28.1",
              "status": "affected",
              "version": "7.28.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.28.0",
              "status": "affected",
              "version": "7.28.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.27.0",
              "status": "affected",
              "version": "7.27.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.26.0",
              "status": "affected",
              "version": "7.26.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.25.0",
              "status": "affected",
              "version": "7.25.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.24.0",
              "status": "affected",
              "version": "7.24.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.23.1",
              "status": "affected",
              "version": "7.23.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.23.0",
              "status": "affected",
              "version": "7.23.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.22.0",
              "status": "affected",
              "version": "7.22.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.7",
              "status": "affected",
              "version": "7.21.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.6",
              "status": "affected",
              "version": "7.21.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.5",
              "status": "affected",
              "version": "7.21.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.4",
              "status": "affected",
              "version": "7.21.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.3",
              "status": "affected",
              "version": "7.21.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.2",
              "status": "affected",
              "version": "7.21.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.1",
              "status": "affected",
              "version": "7.21.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.0",
              "status": "affected",
              "version": "7.21.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.20.1",
              "status": "affected",
              "version": "7.20.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.20.0",
              "status": "affected",
              "version": "7.20.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.7",
              "status": "affected",
              "version": "7.19.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.6",
              "status": "affected",
              "version": "7.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.5",
              "status": "affected",
              "version": "7.19.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.4",
              "status": "affected",
              "version": "7.19.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.3",
              "status": "affected",
              "version": "7.19.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.2",
              "status": "affected",
              "version": "7.19.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.1",
              "status": "affected",
              "version": "7.19.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.0",
              "status": "affected",
              "version": "7.19.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.18.2",
              "status": "affected",
              "version": "7.18.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.18.1",
              "status": "affected",
              "version": "7.18.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.18.0",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.17.1",
              "status": "affected",
              "version": "7.17.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.17.0",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.4",
              "status": "affected",
              "version": "7.16.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.3",
              "status": "affected",
              "version": "7.16.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.2",
              "status": "affected",
              "version": "7.16.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.1",
              "status": "affected",
              "version": "7.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.0",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.5",
              "status": "affected",
              "version": "7.15.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.4",
              "status": "affected",
              "version": "7.15.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.3",
              "status": "affected",
              "version": "7.15.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.2",
              "status": "affected",
              "version": "7.15.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.1",
              "status": "affected",
              "version": "7.15.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.0",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.14.1",
              "status": "affected",
              "version": "7.14.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Dwij Mehta (O2 Lab"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Texas A\u0026M University)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Daniel Stenberg"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "curl might erroneously pass on credentials for a first proxy to a second\nproxy.\n\nThis can happen when the following conditions are true:\n\n1. curl is setup to use specific different proxies for different URL schemes\n2. the first proxy needs credentials\n3. the second proxy uses no credentials\n4. while using the first proxy (using say `http://`), curl is asked to follow\n   a redirect to a URL using another scheme (say `https://`), accessed using a\n   second, different, proxy"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-522 Insufficiently Protected Credentials",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T08:28:03.004Z",
        "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "shortName": "curl"
      },
      "references": [
        {
          "name": "json",
          "url": "https://curl.se/docs/CVE-2026-6253.json"
        },
        {
          "name": "www",
          "url": "https://curl.se/docs/CVE-2026-6253.html"
        },
        {
          "name": "issue",
          "url": "https://hackerone.com/reports/3669637"
        }
      ],
      "title": "proxy credentials leak over redirect-to proxy"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
    "assignerShortName": "curl",
    "cveId": "CVE-2026-6253",
    "datePublished": "2026-05-13T08:28:03.004Z",
    "dateReserved": "2026-04-13T20:11:11.991Z",
    "dateUpdated": "2026-05-13T17:42:40.102Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6276 (GCVE-0-2026-6276)

Vulnerability from cvelistv5 – Published: 2026-05-13 08:28 – Updated: 2026-05-13 17:26

Title

stale custom cookie host causes cookie leak

Summary

Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-346 Origin Validation Error

Assigner

curl

References

4 references

URL	Tags
https://curl.se/docs/CVE-2026-6276.json
https://curl.se/docs/CVE-2026-6276.html
https://hackerone.com/reports/3671818
http://www.openwall.com/lists/oss-security/2026/0…

Impacted products

1 product

Vendor	Product	Version
curl	curl	Affected: 8.19.0 , ≤ 8.19.0 (semver) Affected: 8.18.0 , ≤ 8.18.0 (semver) Affected: 8.17.0 , ≤ 8.17.0 (semver) Affected: 8.16.0 , ≤ 8.16.0 (semver) Affected: 8.15.0 , ≤ 8.15.0 (semver) Affected: 8.14.1 , ≤ 8.14.1 (semver) Affected: 8.14.0 , ≤ 8.14.0 (semver) Affected: 8.13.0 , ≤ 8.13.0 (semver) Affected: 8.12.1 , ≤ 8.12.1 (semver) Affected: 8.12.0 , ≤ 8.12.0 (semver) Affected: 8.11.1 , ≤ 8.11.1 (semver) Affected: 8.11.0 , ≤ 8.11.0 (semver) Affected: 8.10.1 , ≤ 8.10.1 (semver) Affected: 8.10.0 , ≤ 8.10.0 (semver) Affected: 8.9.1 , ≤ 8.9.1 (semver) Affected: 8.9.0 , ≤ 8.9.0 (semver) Affected: 8.8.0 , ≤ 8.8.0 (semver) Affected: 8.7.1 , ≤ 8.7.1 (semver) Affected: 8.7.0 , ≤ 8.7.0 (semver) Affected: 8.6.0 , ≤ 8.6.0 (semver) Affected: 8.5.0 , ≤ 8.5.0 (semver) Affected: 8.4.0 , ≤ 8.4.0 (semver) Affected: 8.3.0 , ≤ 8.3.0 (semver) Affected: 8.2.1 , ≤ 8.2.1 (semver) Affected: 8.2.0 , ≤ 8.2.0 (semver) Affected: 8.1.2 , ≤ 8.1.2 (semver) Affected: 8.1.1 , ≤ 8.1.1 (semver) Affected: 8.1.0 , ≤ 8.1.0 (semver) Affected: 8.0.1 , ≤ 8.0.1 (semver) Affected: 8.0.0 , ≤ 8.0.0 (semver) Affected: 7.88.1 , ≤ 7.88.1 (semver) Affected: 7.88.0 , ≤ 7.88.0 (semver) Affected: 7.87.0 , ≤ 7.87.0 (semver) Affected: 7.86.0 , ≤ 7.86.0 (semver) Affected: 7.85.0 , ≤ 7.85.0 (semver) Affected: 7.84.0 , ≤ 7.84.0 (semver) Affected: 7.83.1 , ≤ 7.83.1 (semver) Affected: 7.83.0 , ≤ 7.83.0 (semver) Affected: 7.82.0 , ≤ 7.82.0 (semver) Affected: 7.81.0 , ≤ 7.81.0 (semver) Affected: 7.80.0 , ≤ 7.80.0 (semver) Affected: 7.79.1 , ≤ 7.79.1 (semver) Affected: 7.79.0 , ≤ 7.79.0 (semver) Affected: 7.78.0 , ≤ 7.78.0 (semver) Affected: 7.77.0 , ≤ 7.77.0 (semver) Affected: 7.76.1 , ≤ 7.76.1 (semver) Affected: 7.76.0 , ≤ 7.76.0 (semver) Affected: 7.75.0 , ≤ 7.75.0 (semver) Affected: 7.74.0 , ≤ 7.74.0 (semver) Affected: 7.73.0 , ≤ 7.73.0 (semver) Affected: 7.72.0 , ≤ 7.72.0 (semver) Affected: 7.71.1 , ≤ 7.71.1 (semver) Affected: 7.71.0 , ≤ 7.71.0 (semver)

Credits

Muhamad Arga Reksapati Daniel Stenberg

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-13T09:05:37.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/29/13"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6276",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T17:24:29.094167Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T17:26:06.894Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://hackerone.com/reports/3671818"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "curl",
          "vendor": "curl",
          "versions": [
            {
              "lessThanOrEqual": "8.19.0",
              "status": "affected",
              "version": "8.19.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.18.0",
              "status": "affected",
              "version": "8.18.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.17.0",
              "status": "affected",
              "version": "8.17.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.16.0",
              "status": "affected",
              "version": "8.16.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.15.0",
              "status": "affected",
              "version": "8.15.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.14.1",
              "status": "affected",
              "version": "8.14.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.14.0",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.13.0",
              "status": "affected",
              "version": "8.13.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.12.1",
              "status": "affected",
              "version": "8.12.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.12.0",
              "status": "affected",
              "version": "8.12.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.11.1",
              "status": "affected",
              "version": "8.11.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.11.0",
              "status": "affected",
              "version": "8.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.10.1",
              "status": "affected",
              "version": "8.10.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.10.0",
              "status": "affected",
              "version": "8.10.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.9.1",
              "status": "affected",
              "version": "8.9.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.9.0",
              "status": "affected",
              "version": "8.9.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.8.0",
              "status": "affected",
              "version": "8.8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.7.1",
              "status": "affected",
              "version": "8.7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.7.0",
              "status": "affected",
              "version": "8.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.6.0",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.0",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.0",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.3.0",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2.1",
              "status": "affected",
              "version": "8.2.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2.0",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.2",
              "status": "affected",
              "version": "8.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.1",
              "status": "affected",
              "version": "8.1.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.0",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.1",
              "status": "affected",
              "version": "8.0.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.0",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.88.1",
              "status": "affected",
              "version": "7.88.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.88.0",
              "status": "affected",
              "version": "7.88.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.87.0",
              "status": "affected",
              "version": "7.87.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.86.0",
              "status": "affected",
              "version": "7.86.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.85.0",
              "status": "affected",
              "version": "7.85.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.84.0",
              "status": "affected",
              "version": "7.84.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.83.1",
              "status": "affected",
              "version": "7.83.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.83.0",
              "status": "affected",
              "version": "7.83.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.82.0",
              "status": "affected",
              "version": "7.82.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.81.0",
              "status": "affected",
              "version": "7.81.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.80.0",
              "status": "affected",
              "version": "7.80.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.79.1",
              "status": "affected",
              "version": "7.79.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.79.0",
              "status": "affected",
              "version": "7.79.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.78.0",
              "status": "affected",
              "version": "7.78.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.77.0",
              "status": "affected",
              "version": "7.77.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.76.1",
              "status": "affected",
              "version": "7.76.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.76.0",
              "status": "affected",
              "version": "7.76.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.75.0",
              "status": "affected",
              "version": "7.75.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.74.0",
              "status": "affected",
              "version": "7.74.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.73.0",
              "status": "affected",
              "version": "7.73.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.72.0",
              "status": "affected",
              "version": "7.72.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.71.1",
              "status": "affected",
              "version": "7.71.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.71.0",
              "status": "affected",
              "version": "7.71.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Muhamad Arga Reksapati"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Daniel Stenberg"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Using libcurl, when a custom `Host:` header is first set for an HTTP request\nand a second request is subsequently done using the same *easy handle* but\nwithout the custom `Host:` header set, the second request would use stale\ninformation and pass on cookies meant for the first host in the second\nrequest. Leak them."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-346 Origin Validation Error",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T08:28:19.273Z",
        "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "shortName": "curl"
      },
      "references": [
        {
          "name": "json",
          "url": "https://curl.se/docs/CVE-2026-6276.json"
        },
        {
          "name": "www",
          "url": "https://curl.se/docs/CVE-2026-6276.html"
        },
        {
          "name": "issue",
          "url": "https://hackerone.com/reports/3671818"
        }
      ],
      "title": "stale custom cookie host causes cookie leak"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
    "assignerShortName": "curl",
    "cveId": "CVE-2026-6276",
    "datePublished": "2026-05-13T08:28:19.273Z",
    "dateReserved": "2026-04-14T14:01:54.772Z",
    "dateUpdated": "2026-05-13T17:26:06.894Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-6429 (GCVE-0-2026-6429)

Vulnerability from cvelistv5 – Published: 2026-05-13 08:28 – Updated: 2026-05-13 14:03

Title

netrc credential leak with reused proxy connection

Summary

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Assigner

curl

References

3 references

URL	Tags
https://curl.se/docs/CVE-2026-6429.json
https://curl.se/docs/CVE-2026-6429.html
https://hackerone.com/reports/3677759

Impacted products

1 product

Vendor	Product	Version
curl	curl	Affected: 8.19.0 , ≤ 8.19.0 (semver) Affected: 8.18.0 , ≤ 8.18.0 (semver) Affected: 8.17.0 , ≤ 8.17.0 (semver) Affected: 8.16.0 , ≤ 8.16.0 (semver) Affected: 8.15.0 , ≤ 8.15.0 (semver) Affected: 8.14.1 , ≤ 8.14.1 (semver) Affected: 8.14.0 , ≤ 8.14.0 (semver) Affected: 8.13.0 , ≤ 8.13.0 (semver) Affected: 8.12.1 , ≤ 8.12.1 (semver) Affected: 8.12.0 , ≤ 8.12.0 (semver) Affected: 8.11.1 , ≤ 8.11.1 (semver) Affected: 8.11.0 , ≤ 8.11.0 (semver) Affected: 8.10.1 , ≤ 8.10.1 (semver) Affected: 8.10.0 , ≤ 8.10.0 (semver) Affected: 8.9.1 , ≤ 8.9.1 (semver) Affected: 8.9.0 , ≤ 8.9.0 (semver) Affected: 8.8.0 , ≤ 8.8.0 (semver) Affected: 8.7.1 , ≤ 8.7.1 (semver) Affected: 8.7.0 , ≤ 8.7.0 (semver) Affected: 8.6.0 , ≤ 8.6.0 (semver) Affected: 8.5.0 , ≤ 8.5.0 (semver) Affected: 8.4.0 , ≤ 8.4.0 (semver) Affected: 8.3.0 , ≤ 8.3.0 (semver) Affected: 8.2.1 , ≤ 8.2.1 (semver) Affected: 8.2.0 , ≤ 8.2.0 (semver) Affected: 8.1.2 , ≤ 8.1.2 (semver) Affected: 8.1.1 , ≤ 8.1.1 (semver) Affected: 8.1.0 , ≤ 8.1.0 (semver) Affected: 8.0.1 , ≤ 8.0.1 (semver) Affected: 8.0.0 , ≤ 8.0.0 (semver) Affected: 7.88.1 , ≤ 7.88.1 (semver) Affected: 7.88.0 , ≤ 7.88.0 (semver) Affected: 7.87.0 , ≤ 7.87.0 (semver) Affected: 7.86.0 , ≤ 7.86.0 (semver) Affected: 7.85.0 , ≤ 7.85.0 (semver) Affected: 7.84.0 , ≤ 7.84.0 (semver) Affected: 7.83.1 , ≤ 7.83.1 (semver) Affected: 7.83.0 , ≤ 7.83.0 (semver) Affected: 7.82.0 , ≤ 7.82.0 (semver) Affected: 7.81.0 , ≤ 7.81.0 (semver) Affected: 7.80.0 , ≤ 7.80.0 (semver) Affected: 7.79.1 , ≤ 7.79.1 (semver) Affected: 7.79.0 , ≤ 7.79.0 (semver) Affected: 7.78.0 , ≤ 7.78.0 (semver) Affected: 7.77.0 , ≤ 7.77.0 (semver) Affected: 7.76.1 , ≤ 7.76.1 (semver) Affected: 7.76.0 , ≤ 7.76.0 (semver) Affected: 7.75.0 , ≤ 7.75.0 (semver) Affected: 7.74.0 , ≤ 7.74.0 (semver) Affected: 7.73.0 , ≤ 7.73.0 (semver) Affected: 7.72.0 , ≤ 7.72.0 (semver) Affected: 7.71.1 , ≤ 7.71.1 (semver) Affected: 7.71.0 , ≤ 7.71.0 (semver) Affected: 7.70.0 , ≤ 7.70.0 (semver) Affected: 7.69.1 , ≤ 7.69.1 (semver) Affected: 7.69.0 , ≤ 7.69.0 (semver) Affected: 7.68.0 , ≤ 7.68.0 (semver) Affected: 7.67.0 , ≤ 7.67.0 (semver) Affected: 7.66.0 , ≤ 7.66.0 (semver) Affected: 7.65.3 , ≤ 7.65.3 (semver) Affected: 7.65.2 , ≤ 7.65.2 (semver) Affected: 7.65.1 , ≤ 7.65.1 (semver) Affected: 7.65.0 , ≤ 7.65.0 (semver) Affected: 7.64.1 , ≤ 7.64.1 (semver) Affected: 7.64.0 , ≤ 7.64.0 (semver) Affected: 7.63.0 , ≤ 7.63.0 (semver) Affected: 7.62.0 , ≤ 7.62.0 (semver) Affected: 7.61.1 , ≤ 7.61.1 (semver) Affected: 7.61.0 , ≤ 7.61.0 (semver) Affected: 7.60.0 , ≤ 7.60.0 (semver) Affected: 7.59.0 , ≤ 7.59.0 (semver) Affected: 7.58.0 , ≤ 7.58.0 (semver) Affected: 7.57.0 , ≤ 7.57.0 (semver) Affected: 7.56.1 , ≤ 7.56.1 (semver) Affected: 7.56.0 , ≤ 7.56.0 (semver) Affected: 7.55.1 , ≤ 7.55.1 (semver) Affected: 7.55.0 , ≤ 7.55.0 (semver) Affected: 7.54.1 , ≤ 7.54.1 (semver) Affected: 7.54.0 , ≤ 7.54.0 (semver) Affected: 7.53.1 , ≤ 7.53.1 (semver) Affected: 7.53.0 , ≤ 7.53.0 (semver) Affected: 7.52.1 , ≤ 7.52.1 (semver) Affected: 7.52.0 , ≤ 7.52.0 (semver) Affected: 7.51.0 , ≤ 7.51.0 (semver) Affected: 7.50.3 , ≤ 7.50.3 (semver) Affected: 7.50.2 , ≤ 7.50.2 (semver) Affected: 7.50.1 , ≤ 7.50.1 (semver) Affected: 7.50.0 , ≤ 7.50.0 (semver) Affected: 7.49.1 , ≤ 7.49.1 (semver) Affected: 7.49.0 , ≤ 7.49.0 (semver) Affected: 7.48.0 , ≤ 7.48.0 (semver) Affected: 7.47.1 , ≤ 7.47.1 (semver) Affected: 7.47.0 , ≤ 7.47.0 (semver) Affected: 7.46.0 , ≤ 7.46.0 (semver) Affected: 7.45.0 , ≤ 7.45.0 (semver) Affected: 7.44.0 , ≤ 7.44.0 (semver) Affected: 7.43.0 , ≤ 7.43.0 (semver) Affected: 7.42.1 , ≤ 7.42.1 (semver) Affected: 7.42.0 , ≤ 7.42.0 (semver) Affected: 7.41.0 , ≤ 7.41.0 (semver) Affected: 7.40.0 , ≤ 7.40.0 (semver) Affected: 7.39.0 , ≤ 7.39.0 (semver) Affected: 7.38.0 , ≤ 7.38.0 (semver) Affected: 7.37.1 , ≤ 7.37.1 (semver) Affected: 7.37.0 , ≤ 7.37.0 (semver) Affected: 7.36.0 , ≤ 7.36.0 (semver) Affected: 7.35.0 , ≤ 7.35.0 (semver) Affected: 7.34.0 , ≤ 7.34.0 (semver) Affected: 7.33.0 , ≤ 7.33.0 (semver) Affected: 7.32.0 , ≤ 7.32.0 (semver) Affected: 7.31.0 , ≤ 7.31.0 (semver) Affected: 7.30.0 , ≤ 7.30.0 (semver) Affected: 7.29.0 , ≤ 7.29.0 (semver) Affected: 7.28.1 , ≤ 7.28.1 (semver) Affected: 7.28.0 , ≤ 7.28.0 (semver) Affected: 7.27.0 , ≤ 7.27.0 (semver) Affected: 7.26.0 , ≤ 7.26.0 (semver) Affected: 7.25.0 , ≤ 7.25.0 (semver) Affected: 7.24.0 , ≤ 7.24.0 (semver) Affected: 7.23.1 , ≤ 7.23.1 (semver) Affected: 7.23.0 , ≤ 7.23.0 (semver) Affected: 7.22.0 , ≤ 7.22.0 (semver) Affected: 7.21.7 , ≤ 7.21.7 (semver) Affected: 7.21.6 , ≤ 7.21.6 (semver) Affected: 7.21.5 , ≤ 7.21.5 (semver) Affected: 7.21.4 , ≤ 7.21.4 (semver) Affected: 7.21.3 , ≤ 7.21.3 (semver) Affected: 7.21.2 , ≤ 7.21.2 (semver) Affected: 7.21.1 , ≤ 7.21.1 (semver) Affected: 7.21.0 , ≤ 7.21.0 (semver) Affected: 7.20.1 , ≤ 7.20.1 (semver) Affected: 7.20.0 , ≤ 7.20.0 (semver) Affected: 7.19.7 , ≤ 7.19.7 (semver) Affected: 7.19.6 , ≤ 7.19.6 (semver) Affected: 7.19.5 , ≤ 7.19.5 (semver) Affected: 7.19.4 , ≤ 7.19.4 (semver) Affected: 7.19.3 , ≤ 7.19.3 (semver) Affected: 7.19.2 , ≤ 7.19.2 (semver) Affected: 7.19.1 , ≤ 7.19.1 (semver) Affected: 7.19.0 , ≤ 7.19.0 (semver) Affected: 7.18.2 , ≤ 7.18.2 (semver) Affected: 7.18.1 , ≤ 7.18.1 (semver) Affected: 7.18.0 , ≤ 7.18.0 (semver) Affected: 7.17.1 , ≤ 7.17.1 (semver) Affected: 7.17.0 , ≤ 7.17.0 (semver) Affected: 7.16.4 , ≤ 7.16.4 (semver) Affected: 7.16.3 , ≤ 7.16.3 (semver) Affected: 7.16.2 , ≤ 7.16.2 (semver) Affected: 7.16.1 , ≤ 7.16.1 (semver) Affected: 7.16.0 , ≤ 7.16.0 (semver) Affected: 7.15.5 , ≤ 7.15.5 (semver) Affected: 7.15.4 , ≤ 7.15.4 (semver) Affected: 7.15.3 , ≤ 7.15.3 (semver) Affected: 7.15.2 , ≤ 7.15.2 (semver) Affected: 7.15.1 , ≤ 7.15.1 (semver) Affected: 7.15.0 , ≤ 7.15.0 (semver) Affected: 7.14.1 , ≤ 7.14.1 (semver) Affected: 7.14.0 , ≤ 7.14.0 (semver)

Credits

Muhamad Arga Reksapati Daniel Stenberg

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6429",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T14:03:52.312824Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T14:03:55.343Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "curl",
          "vendor": "curl",
          "versions": [
            {
              "lessThanOrEqual": "8.19.0",
              "status": "affected",
              "version": "8.19.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.18.0",
              "status": "affected",
              "version": "8.18.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.17.0",
              "status": "affected",
              "version": "8.17.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.16.0",
              "status": "affected",
              "version": "8.16.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.15.0",
              "status": "affected",
              "version": "8.15.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.14.1",
              "status": "affected",
              "version": "8.14.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.14.0",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.13.0",
              "status": "affected",
              "version": "8.13.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.12.1",
              "status": "affected",
              "version": "8.12.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.12.0",
              "status": "affected",
              "version": "8.12.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.11.1",
              "status": "affected",
              "version": "8.11.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.11.0",
              "status": "affected",
              "version": "8.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.10.1",
              "status": "affected",
              "version": "8.10.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.10.0",
              "status": "affected",
              "version": "8.10.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.9.1",
              "status": "affected",
              "version": "8.9.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.9.0",
              "status": "affected",
              "version": "8.9.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.8.0",
              "status": "affected",
              "version": "8.8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.7.1",
              "status": "affected",
              "version": "8.7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.7.0",
              "status": "affected",
              "version": "8.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.6.0",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.0",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.0",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.3.0",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2.1",
              "status": "affected",
              "version": "8.2.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2.0",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.2",
              "status": "affected",
              "version": "8.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.1",
              "status": "affected",
              "version": "8.1.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.0",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.1",
              "status": "affected",
              "version": "8.0.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.0",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.88.1",
              "status": "affected",
              "version": "7.88.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.88.0",
              "status": "affected",
              "version": "7.88.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.87.0",
              "status": "affected",
              "version": "7.87.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.86.0",
              "status": "affected",
              "version": "7.86.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.85.0",
              "status": "affected",
              "version": "7.85.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.84.0",
              "status": "affected",
              "version": "7.84.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.83.1",
              "status": "affected",
              "version": "7.83.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.83.0",
              "status": "affected",
              "version": "7.83.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.82.0",
              "status": "affected",
              "version": "7.82.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.81.0",
              "status": "affected",
              "version": "7.81.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.80.0",
              "status": "affected",
              "version": "7.80.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.79.1",
              "status": "affected",
              "version": "7.79.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.79.0",
              "status": "affected",
              "version": "7.79.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.78.0",
              "status": "affected",
              "version": "7.78.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.77.0",
              "status": "affected",
              "version": "7.77.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.76.1",
              "status": "affected",
              "version": "7.76.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.76.0",
              "status": "affected",
              "version": "7.76.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.75.0",
              "status": "affected",
              "version": "7.75.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.74.0",
              "status": "affected",
              "version": "7.74.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.73.0",
              "status": "affected",
              "version": "7.73.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.72.0",
              "status": "affected",
              "version": "7.72.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.71.1",
              "status": "affected",
              "version": "7.71.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.71.0",
              "status": "affected",
              "version": "7.71.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.70.0",
              "status": "affected",
              "version": "7.70.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.69.1",
              "status": "affected",
              "version": "7.69.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.69.0",
              "status": "affected",
              "version": "7.69.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.68.0",
              "status": "affected",
              "version": "7.68.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.67.0",
              "status": "affected",
              "version": "7.67.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.66.0",
              "status": "affected",
              "version": "7.66.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.3",
              "status": "affected",
              "version": "7.65.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.2",
              "status": "affected",
              "version": "7.65.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.1",
              "status": "affected",
              "version": "7.65.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.65.0",
              "status": "affected",
              "version": "7.65.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.64.1",
              "status": "affected",
              "version": "7.64.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.64.0",
              "status": "affected",
              "version": "7.64.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.63.0",
              "status": "affected",
              "version": "7.63.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.62.0",
              "status": "affected",
              "version": "7.62.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.61.1",
              "status": "affected",
              "version": "7.61.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.61.0",
              "status": "affected",
              "version": "7.61.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.60.0",
              "status": "affected",
              "version": "7.60.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.59.0",
              "status": "affected",
              "version": "7.59.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.58.0",
              "status": "affected",
              "version": "7.58.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.57.0",
              "status": "affected",
              "version": "7.57.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.56.1",
              "status": "affected",
              "version": "7.56.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.56.0",
              "status": "affected",
              "version": "7.56.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.55.1",
              "status": "affected",
              "version": "7.55.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.55.0",
              "status": "affected",
              "version": "7.55.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.54.1",
              "status": "affected",
              "version": "7.54.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.54.0",
              "status": "affected",
              "version": "7.54.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.53.1",
              "status": "affected",
              "version": "7.53.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.53.0",
              "status": "affected",
              "version": "7.53.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.52.1",
              "status": "affected",
              "version": "7.52.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.52.0",
              "status": "affected",
              "version": "7.52.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.51.0",
              "status": "affected",
              "version": "7.51.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.3",
              "status": "affected",
              "version": "7.50.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.2",
              "status": "affected",
              "version": "7.50.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.1",
              "status": "affected",
              "version": "7.50.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.50.0",
              "status": "affected",
              "version": "7.50.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.49.1",
              "status": "affected",
              "version": "7.49.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.49.0",
              "status": "affected",
              "version": "7.49.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.48.0",
              "status": "affected",
              "version": "7.48.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.47.1",
              "status": "affected",
              "version": "7.47.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.47.0",
              "status": "affected",
              "version": "7.47.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.46.0",
              "status": "affected",
              "version": "7.46.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.45.0",
              "status": "affected",
              "version": "7.45.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.44.0",
              "status": "affected",
              "version": "7.44.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.43.0",
              "status": "affected",
              "version": "7.43.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.42.1",
              "status": "affected",
              "version": "7.42.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.42.0",
              "status": "affected",
              "version": "7.42.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.41.0",
              "status": "affected",
              "version": "7.41.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.40.0",
              "status": "affected",
              "version": "7.40.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.39.0",
              "status": "affected",
              "version": "7.39.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.38.0",
              "status": "affected",
              "version": "7.38.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.37.1",
              "status": "affected",
              "version": "7.37.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.37.0",
              "status": "affected",
              "version": "7.37.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.36.0",
              "status": "affected",
              "version": "7.36.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.35.0",
              "status": "affected",
              "version": "7.35.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.34.0",
              "status": "affected",
              "version": "7.34.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.33.0",
              "status": "affected",
              "version": "7.33.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.32.0",
              "status": "affected",
              "version": "7.32.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.31.0",
              "status": "affected",
              "version": "7.31.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.30.0",
              "status": "affected",
              "version": "7.30.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.29.0",
              "status": "affected",
              "version": "7.29.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.28.1",
              "status": "affected",
              "version": "7.28.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.28.0",
              "status": "affected",
              "version": "7.28.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.27.0",
              "status": "affected",
              "version": "7.27.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.26.0",
              "status": "affected",
              "version": "7.26.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.25.0",
              "status": "affected",
              "version": "7.25.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.24.0",
              "status": "affected",
              "version": "7.24.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.23.1",
              "status": "affected",
              "version": "7.23.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.23.0",
              "status": "affected",
              "version": "7.23.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.22.0",
              "status": "affected",
              "version": "7.22.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.7",
              "status": "affected",
              "version": "7.21.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.6",
              "status": "affected",
              "version": "7.21.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.5",
              "status": "affected",
              "version": "7.21.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.4",
              "status": "affected",
              "version": "7.21.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.3",
              "status": "affected",
              "version": "7.21.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.2",
              "status": "affected",
              "version": "7.21.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.1",
              "status": "affected",
              "version": "7.21.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.21.0",
              "status": "affected",
              "version": "7.21.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.20.1",
              "status": "affected",
              "version": "7.20.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.20.0",
              "status": "affected",
              "version": "7.20.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.7",
              "status": "affected",
              "version": "7.19.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.6",
              "status": "affected",
              "version": "7.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.5",
              "status": "affected",
              "version": "7.19.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.4",
              "status": "affected",
              "version": "7.19.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.3",
              "status": "affected",
              "version": "7.19.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.2",
              "status": "affected",
              "version": "7.19.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.1",
              "status": "affected",
              "version": "7.19.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.19.0",
              "status": "affected",
              "version": "7.19.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.18.2",
              "status": "affected",
              "version": "7.18.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.18.1",
              "status": "affected",
              "version": "7.18.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.18.0",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.17.1",
              "status": "affected",
              "version": "7.17.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.17.0",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.4",
              "status": "affected",
              "version": "7.16.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.3",
              "status": "affected",
              "version": "7.16.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.2",
              "status": "affected",
              "version": "7.16.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.1",
              "status": "affected",
              "version": "7.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.16.0",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.5",
              "status": "affected",
              "version": "7.15.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.4",
              "status": "affected",
              "version": "7.15.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.3",
              "status": "affected",
              "version": "7.15.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.2",
              "status": "affected",
              "version": "7.15.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.1",
              "status": "affected",
              "version": "7.15.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.15.0",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.14.1",
              "status": "affected",
              "version": "7.14.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.14.0",
              "status": "affected",
              "version": "7.14.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Muhamad Arga Reksapati"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Daniel Stenberg"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, libcurl could leak the password used for the first host to the\nfollowed-to host under certain circumstances."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T08:28:36.166Z",
        "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "shortName": "curl"
      },
      "references": [
        {
          "name": "json",
          "url": "https://curl.se/docs/CVE-2026-6429.json"
        },
        {
          "name": "www",
          "url": "https://curl.se/docs/CVE-2026-6429.html"
        },
        {
          "name": "issue",
          "url": "https://hackerone.com/reports/3677759"
        }
      ],
      "title": "netrc credential leak with reused proxy connection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
    "assignerShortName": "curl",
    "cveId": "CVE-2026-6429",
    "datePublished": "2026-05-13T08:28:36.166Z",
    "dateReserved": "2026-04-16T14:48:02.991Z",
    "dateUpdated": "2026-05-13T14:03:55.343Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2026:22146-1

CVE-2026-4873 (GCVE-0-2026-4873)

CVE-2026-5545 (GCVE-0-2026-5545)

CVE-2026-6253 (GCVE-0-2026-6253)

CVE-2026-6276 (GCVE-0-2026-6276)

CVE-2026-6429 (GCVE-0-2026-6429)

Tags

Sightings

Nomenclature