30 matches found

Vulnrichment
added yesterday, 3 views

CVE-2026-48856 httpc leaks Authorization header to cross-origin redirect targets

Sensitive Data Exposure vulnerability in the Erlang/OTP inets httpc_response module allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary...

CVSS 7.1, AI score 5.5
Exploits: 0, References: 5
ATTACKERKB
added 2026/05/25 2:00 p.m., 6 views

CVE-2026-47070

Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackney_h3.erl passes the original request headers unchanged to the redirect target without performing any cross-origin check. When a client issues an HTTP/3 request...

CVSS 9.8, AI score 6.8, EPSS 0.03854
Exploits: 1, References: 5, Affected Software: 1
Vulnrichment
added 2026/05/15 4:27 p.m., 7 views

CVE-2026-41181 Traefik: Errors middleware forwards Authorization and Cookie headers to separate error page service

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors custom error pages middleware. When the backend returns a response matching the configured status range, the middleware forwards the...

CVSS 6.9, AI score 5.8, EPSS 0.00038
Exploits: 1, References: 4
OSV
added 2026/05/14 11:56 a.m., 3 views

BIT-TOMCAT-2026-42498 Apache Tomcat: WebSocket authentication header exposure

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.21, from 10.1.0 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

CVSS 7.3, AI score 5.8, EPSS 0.0005
Exploits: 0, References: 3
SUSE CVE
added 2026/05/13 2:22 p.m., 6 views

SUSE CVE-2026-42498

Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.2 through 9.0.117, from 8.5.24 through 8.5.100, from 7.0.83 through...

CVSS 5.3, AI score 5.8, EPSS 0.0005
Exploits: 0, References: 3
ATTACKERKB
added 2026/05/11 4:46 p.m., 2 views

CVE-2026-44992

OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing a workspace dotenv file to override MINIMAX_API_HOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization headers...

CVSS 5.0, AI score 5.8, EPSS 0.0001
Exploits: 0, References: 4, Affected Software: 1
Tenable Nessus
added 2026/05/09 12:00 a.m., 5 views

Unity Linux 20.1050e / 20.1070e Security Update: golang (UTSA-2026-017391)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017391 advisory. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is...

CVSS 6.1, AI score 5.8, EPSS 0.00142
Exploits: 0, References: 4
ATTACKERKB
added 2026/04/23 9:58 p.m., 1 view

CVE-2026-41345

OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authorization headers across cross-origin redirects. Attackers can exploit this by crafting malicious cross-origin redirect chains to intercept sensitive authorization credentials...

CVSS 6.0, AI score 5.8, EPSS 0.00037
Exploits: 0, References: 4
NVD
added 2026/04/03 9:17 p.m., 0 views

CVE-2026-22664

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...

CVSS 7.7, EPSS 0.0004
Exploits: 1, References: 3
OSV
added 2025/11/24 9:52 p.m., 3 views

GHSA-6465-JGVQ-JHGP Sentry's sensitive headers are leaked when `sendDefaultPii` is set to `true`

Impact In version 10.11.0, a change to how the SDK collects request data in Node.js applications caused certain incoming HTTP headers to be added as trace span attributes. When sendDefaultPii: true was set, a few headers that were previously redacted - including Authorization and Cookie - were...

CVSS 5.0, AI score 6.5, EPSS 0.0007
Exploits: 0, References: 9
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-7642

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.7, EPSS 0.00364
Exploits: 1, References: 6
Tenable Nessus
added 2025/08/21 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-54956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request...

CVSS 3.2, AI score 5.8, EPSS 0.00128
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/14 12:00 a.m., 1 view

EulerOS 2.0 SP11 : golang (EulerOS-SA-2025-1927)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization head...

CVSS 6.1, AI score 6.5, EPSS 0.00142
Exploits: 0, References: 3
RedhatCVE
added 2025/08/05 12:30 a.m., 12 views

CVE-2025-54956

The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request...

CVSS 3.2, AI score 7.2, EPSS 0.00128
Exploits: 0, References: 1
OSV
added 2025/08/03 6:15 p.m., 3 views

CVE-2025-54956

The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request...

CVSS 3.2, AI score 6.2
Exploits: 0, References: 4
CVE
added 2025/08/03 12:00 a.m., 26 views

CVE-2025-54956

CVE-2025-54956 affects the R package gh (pre-1.5.0). The vulnerability arises when an HTTP response is constructed to include the request’s Authorization header, potentially exposing credentials. Several connected advisories confirm the issue and provide mitigations: Debian LTS DLA-4378-1 notes a...

CVSS 3.2, AI score 6.5, EPSS 0.00128
Exploits: 0, References: 4
OSV
added 2025/04/14 11:15 p.m., 4 views

CVE-2025-31491 AutoGPT allows leakage of cross-domain cookies and protected headers in requests redirect

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows leakage of cross-domain cookies and protected headers in request redirects. AutoGPT uses a wrapper around the requests...

CVSS 8.6, AI score 6.4, EPSS 0.00294
Exploits: 1, References: 3
Tenable Nessus
added 2025/03/05 12:00 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2024-1968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In scrapy/scrapy, an issue was identified where the Authorization header is not removed during redirects that only change the scheme (e.g., HTTPS to HTTP) but...

CVSS 7.5, AI score 7.3, EPSS 0.0019
Exploits: 1, References: 3
RedhatCVE
added 2025/02/05 2:50 p.m., 8 views

CVE-2020-15125

In auth0 npm package versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is not sanitized and in certain cases the Authorization header value can be logged exposing a bearer...

CVSS 7.7, AI score 6.5, EPSS 0.00308
Exploits: 0
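The Sentry, gh and auth0 entries describe the other direction of the same leak: the credential stays on the right origin but gets copied into trace attributes, a response data structure or an error object that ends up in logs. The auth0 entry is specifically about a denylist that fails to catch the Authorization key. The Go program below is an added example written for this page, not code from any of those projects. It contrasts an exact-key denylist with a lookup that canonicalises header names first, keeps only the authentication scheme so logs still show what kind of credential was sent, and adds a final check that the redacted copy no longer contains the secret. The header set, the token and the cookie value are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Headers whose values must never be copied into logs, error objects or
// trace attributes. (Assumption: this list is the example's own choice.)
var redactedHeaders = map[string]bool{
	"Authorization":       true,
	"Proxy-Authorization": true,
	"Cookie":              true,
	"Set-Cookie":          true,
}

// sampleHeaders is a constructed request header set. The Authorization key
// is deliberately lowercase, as a map literal or an upstream proxy may
// produce it; http.Header does not canonicalise keys written this way.
func sampleHeaders() http.Header {
	return http.Header{
		"authorization": {"Bearer s3cr3t-token"},
		"Cookie":        {"session=abc123"},
		"User-Agent":    {"example/1.0"},
	}
}

// naiveRedact uses an exact-key denylist, the shape the auth0 entry
// describes: a key that does not match the listed spelling passes through.
func naiveRedact(h http.Header) map[string][]string {
	out := make(map[string][]string, len(h))
	for k, v := range h {
		if redactedHeaders[k] {
			out[k] = []string{"[REDACTED]"}
			continue
		}
		out[k] = append([]string(nil), v...)
	}
	return out
}

// redact canonicalises every key before the lookup so that "authorization",
// "AUTHORIZATION" and "Authorization" are all caught, and masks the value
// while keeping the authentication scheme.
func redact(h http.Header) map[string][]string {
	out := make(map[string][]string, len(h))
	for k, v := range h {
		canon := http.CanonicalHeaderKey(k)
		if !redactedHeaders[canon] {
			out[canon] = append(out[canon], v...)
			continue
		}
		for _, val := range v {
			out[canon] = append(out[canon], maskValue(canon, val))
		}
	}
	return out
}

// maskValue keeps "Bearer" or "Basic" for Authorization-style headers so the
// credential type remains visible, and hides everything else.
func maskValue(canonKey, val string) string {
	if canonKey == "Authorization" || canonKey == "Proxy-Authorization" {
		if scheme, _, ok := strings.Cut(val, " "); ok {
			return scheme + " [REDACTED]"
		}
	}
	return "[REDACTED]"
}

// leaksSecret reports whether any value in a header map still contains the
// secret: a last check to run on whatever is about to be serialised.
func leaksSecret(m map[string][]string, secret string) bool {
	for _, vals := range m {
		for _, v := range vals {
			if strings.Contains(v, secret) {
				return true
			}
		}
	}
	return false
}

func main() {
	h := sampleHeaders()
	naive, safe := naiveRedact(h), redact(h)
	fmt.Println("exact-key denylist:", naive, "leaks token:", leaksSecret(naive, "s3cr3t"))
	fmt.Println("canonical denylist:", safe, "leaks token:", leaksSecret(safe, "s3cr3t"))
}
```

The exact-key version masks Cookie but forwards the lowercase authorization entry intact, which is the failure the auth0 entry describes. Redaction should run at the point where a request or response is converted into a loggable structure, before any SDK, error wrapper or telemetry exporter sees it; the leaksSecret check is cheap enough to keep in a test that exercises every serialisation path with a known token.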
OSV
added 2025/02/05 10:57 a.m., 4 views

SUSE-SU-2025:0366-1 Security update for wget

This update for wget fixes the following issues: - CVE-2021-31879: Authorization header disclosed upon redirects to different origins. bsc#1185551...

CVSS 6.1, AI score 6.5, EPSS 0.00154
Exploits: 0, References: 4
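Most of the entries above (Erlang/OTP httpc, hackney, OpenClaw, the golang distro advisories, AutoGPT, scrapy and wget) describe one defect: an HTTP client copies Authorization, Proxy-Authorization or Cookie onto a redirected request without checking whether the target is still the origin the credential was issued for. The Go program below is an added example written for this page, not code from any of those projects. It applies a strict origin comparison (scheme, host and effective port) to every hop, measured against the initial request rather than the previous hop, so a scheme downgrade, a port change, a look-alike host suffix and a chain that leaves the origin all drop the credential. The hostnames, the token and the redirect chains are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Request headers that carry a credential and must only be sent to the
// origin they were issued for. (Assumption: this list is the example's own;
// Cookie is included because the AutoGPT and Traefik entries show cookies
// leaking through the same path.)
var credentialHeaders = []string{"Authorization", "Proxy-Authorization", "Cookie"}

func isCredentialHeader(name string) bool {
	for _, s := range credentialHeaders {
		if strings.EqualFold(name, s) {
			return true
		}
	}
	return false
}

// effectivePort returns the explicit port or the scheme default, so that
// https://a.example and https://a.example:443 compare as one origin.
func effectivePort(u *url.URL) string {
	if p := u.Port(); p != "" {
		return p
	}
	return map[string]string{"http": "80", "https": "443"}[strings.ToLower(u.Scheme)]
}

// sameOrigin is a strict scheme+host+port comparison. A scheme downgrade on
// the same host (the scrapy entry, CVE-2024-1968) is a different origin, and
// hosts are compared whole, so neither a.example.attacker.example nor
// sub.a.example is treated as a.example.
func sameOrigin(a, b *url.URL) bool {
	return strings.EqualFold(a.Scheme, b.Scheme) &&
		strings.EqualFold(a.Hostname(), b.Hostname()) &&
		effectivePort(a) == effectivePort(b)
}

// headersFor builds the headers for a redirected request to target from the
// headers of the initial request. Each hop is compared with the initial
// origin, never with the previous hop, so a chain that leaves the origin and
// then stays on the foreign host cannot get the credential back.
func headersFor(initial *url.URL, orig http.Header, target *url.URL) http.Header {
	out := make(http.Header, len(orig))
	keep := sameOrigin(initial, target)
	for name, vals := range orig {
		if keep || !isCredentialHeader(name) {
			out[name] = append([]string(nil), vals...)
		}
	}
	return out
}

// authSentTo follows a constructed redirect chain from initialURL and reports,
// per hop, whether the Authorization header would be sent there.
func authSentTo(initialURL string, hops ...string) (map[string]bool, error) {
	initial, err := url.Parse(initialURL)
	if err != nil {
		return nil, err
	}
	orig := http.Header{"Authorization": {"Bearer example-token"}} // constructed credential
	sent := make(map[string]bool, len(hops))
	for _, h := range hops {
		u, err := url.Parse(h)
		if err != nil {
			return nil, err
		}
		sent[h] = headersFor(initial, orig, u).Get("Authorization") != ""
	}
	return sent, nil
}

func main() {
	// Constructed chains mirroring the entries above.
	chains := [][]string{
		{"https://api.a.example/v1", "https://api.a.example/v2"},             // same origin: kept
		{"https://api.a.example/v1", "http://api.a.example/v1"},              // scheme downgrade: dropped
		{"https://api.a.example/v1", "https://api.a.example:8443/v1"},        // port change: dropped
		{"https://a.example/", "https://a.example.attacker.example/"},        // host suffix trick: dropped
		{"https://a.example/", "https://b.example/1", "https://b.example/2"}, // never restored on b.example
	}
	for _, c := range chains {
		sent, err := authSentTo(c[0], c[1:]...)
		if err != nil {
			panic(err)
		}
		for _, hop := range c[1:] {
			fmt.Printf("%-26s -> %-40s Authorization sent: %v\n", c[0], hop, sent[hop])
		}
	}
}
```

In a real client this check belongs in the redirect hook that runs before the next request is built (CheckRedirect on Go's http.Client, or the equivalent callback in the library concerned); Go's own net/http applies a comparable check, and the golang distro advisories above track defects in exactly that logic. Comparing against the initial origin rather than the previous hop is the design choice that matters for chains: once the credential is dropped on the way to b.example, a later b.example-to-b.example hop does not re-attach it, while a hop back to the initial origin does.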