Description

A flaw was found in libcurl. When configured to use a .netrc file for credentials and to follow HTTP redirects, libcurl can inadvertently send the password from the initial connection to the redirected host. This sensitive information disclosure occurs when both the original and redirect URLs use cleartext HTTP, both requests go through the same HTTP proxy, and the same connection is reused. This vulnerability, categorized as an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200), could allow an attacker to obtain user credentials.

AFFECTED PRODUCTS

The following products are affected by the CVE-2026-6429 vulnerability.

Vendor: Curl
Product: Libcurl