216.73.216.102

CVE-2026-47070

· Published 25/05/2026 15:16 · Modified 26/05/2026 19:58

Labels: CVE-2026-47070 2026-05-256b3ad84c-e1a6-4bf7-a703-f496b71e49dbCVE-2026-47070CWE-601

Essential information

Published
25/05/2026 15:16
Modified
26/05/2026 19:58
Author
Creator
CVSS
6.0 MEDIUM (v3) 6.0 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackney_h3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3 request with follow_redirect enabled and includes Authorization or Cookie headers, a server responding with a 3xx redirect to a different host will cause the client to forward those credentials verbatim to the new origin. The main hackney.erl module has maybe_strip_auth_on_redirect/2 (guarded by the location_trusted option) to address CVE-2018-1000007, but hackney_h3.erl is missing this protection entirely. This issue affects hackney: from 3.1.1 before 4.0.1.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
6b3ad84c-e1a6-4bf7-a703-f496b71e49db
NVD
View on NVD

Affected products (CPE)

ProductCPE
benoitc / hackney cpe:2.3:a:benoitc:hackney:<3.1.1-4.0.1:*:*:*:*:*:*:*

References