CVE-2026-3783

Published 11/03/2026 11:16 · Modified 12/03/2026 14:10

Labels: CVE-2026-3783, 2026-03-11, 2499f714-1537-4658-8207-48ae4bb9eae9, CWE-522

Essential information

Published: 11/03/2026 11:16
Modified: 12/03/2026 14:10
Author:
Creator:
CVSS: 5.3 MEDIUM (v3.1)
CISA KEV: No
CWE:
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.

NVD status

Status: Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 2499f714-1537-4658-8207-48ae4bb9eae9

Affected products (CPE)

| Product | CPE |
| --- | --- |
| haxx / curl | cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* |

References