CVE-2026-3783

Medium CVSS: 5.3

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer
performs a redirect to a second URL, curl could leak that token to the second
hostname under some circumstances.

If the hostname that the first request is redirected to has information in the
used .netrc file, with either of the `machine` or `default` keywords, curl
would pass on the bearer token set for the first host also to the second one.

Vendor

Haxx

Product

Curl

CWE

CWE-522

Yayın Tarihi

2026-03-11 11:16:00

Güncelleme

2026-03-12 14:10:37

Source Identifier

2499f714-1537-4658-8207-48ae4bb9eae9

KEV Date Added

Kategoriler

CWE-522 Curl MEDIUM Haxx 2026

Referanslar

https://curl.se/docs/CVE-2026-3783.html https://curl.se/docs/CVE-2026-3783.json https://hackerone.com/reports/3583983 http://www.openwall.com/lists/oss-security/2026/03/11/2

Benzer Kayıtlar

Medium

CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses diffe…

High

CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already free…

Medium

CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS r…

Medium

CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenl…

Low

CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly s…

Medium

CVE-2025-14524

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a s…