CVE-2026-3783

Exploit

EPSS 0.02%
Veröffentlicht 11.03.2026 10:09:08
Zuletzt bearbeitet 12.03.2026 14:10:37
Quelle 2499f714-1537-4658-8207-48ae4b
CVE-Watchlists
Login
Unerledigt
Login

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer
performs a redirect to a second URL, curl could leak that token to the second
hostname under some circumstances.

If the hostname that the first request is redirected to has information in the
used .netrc file, with either of the `machine` or `default` keywords, curl
would pass on the bearer token set for the first host also to the second one.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Haxx ≫ Curl Version >= 7.33.0 < 8.19.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.035

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://curl.se/docs/CVE-2026-3783.json

Vendor Advisory

https://curl.se/docs/CVE-2026-3783.html

Patch

Vendor Advisory

https://hackerone.com/reports/3583983

Third Party Advisory

Exploit

Issue Tracking

http://www.openwall.com/lists/oss-security/2026/03/11/2

Third Party Advisory

Mailing List