216.73.217.80

CVE-2026-6253

· Published 13/05/2026 13:01 · Modified 14/05/2026 13:40

Labels: CVE-2026-6253 2026-05-132499f714-1537-4658-8207-48ae4bb9eae9CVE-2026-6253CWE-522

Essential information

Published
13/05/2026 13:01
Modified
14/05/2026 13:40
Author
Creator
CVSS
5.9 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. while using the first proxy (using say `http://`), curl is asked to follow a redirect to a URL using another scheme (say `https://`), accessed using a second, different, proxy

NVD status

Status
Analyzed — CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.
Source
2499f714-1537-4658-8207-48ae4bb9eae9
NVD
View on NVD

Affected products (CPE)

ProductCPE
haxx / curl cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*

References