Skip to content
CVSS 9.8 · CRITICAL

CVE-2026-9079

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them.

Ver en NVD

Análisis

A critical vulnerability in libcurl (curl) fails to properly clear proxy authentication credentials, allowing them to be leaked or reused in subsequent transfers. Given curl's near-universal use in backend and mobile development, this could lead to unauthorized session access or credential exposure across many applications.

Roles relevantes

BackendCyberSecurityLinuxCC++Php

Severidad

Puntaje: 9.8(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH

EPSS

Probabilidad de explotación (próx. 30 días): 0.0025 (0.3%)
Percentil: 16.2%
EPSS: 2026-07-06

Descripción técnica

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them.

Publicada: 3/7/2026, 7:16:25
Última modificación: 6/7/2026, 18:20:47

Referencias

InicioEventosBlogRecursosEquipo