CVE-2026-6253
Published: May 13, 2026
Modified: May 13, 2026
Description
curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. while using the first proxy (using say `http://`), curl is asked to follow a redirect to a URL using another scheme (say `https://`), accessed using a second, different, proxy
| Vendor | Product | Versions |
|---|---|---|
curl | curl | affected 8.19.0 - <= 8.19.0affected 8.18.0 - <= 8.18.0affected 8.17.0 - <= 8.17.0affected 8.16.0 - <= 8.16.0affected 8.15.0 - <= 8.15.0+152 more versions |
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now