9.8

CVE-2026-9079

Exploit

stale proxy password leak

libcurl had a flaw that when instructed to clear proxy authentication
credentials which made it not do so, leaving the old credentials around to get
used for subsequent transfers that should not know nor use them.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HaxxCurl Version >= 8.8.0 < 8.21.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.06% 0.607
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://hackerone.com/reports/3750295
Third Party Advisory
Exploit
Issue Tracking
https://curl.se/docs/CVE-2026-9079.html
Patch
Vendor Advisory
https://curl.se/docs/CVE-2026-9079.json
Vendor Advisory