CVE-2026-9079
libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them.
View on NVDAnalysis
A critical vulnerability in libcurl (curl) fails to properly clear proxy authentication credentials, allowing them to be leaked or reused in subsequent transfers. Given curl's near-universal use in backend and mobile development, this could lead to unauthorized session access or credential exposure across many applications.
Relevant roles
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HEPSS
Technical description
libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them.