JLSEC-2026-388
An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number...
curl: auth/cookie leak on redirect
A vulnerability was found in curl. This security flaw allows authentication or cookie header data to leak on HTTP redirects to the same host but another port number. Sending the same set of headers to a server on a different port number is a problem for applications that pass on custom Authorization...
The vulnerability in the cURL command-line utility lies in insufficient protection of credentials, allowing an attacker to gain unauthorized access to protected information.
The vulnerability in the cURL command-line utility is related to a data leak or a leak of cookie headers during HTTP redirection to the same host but with a different port number. Exploiting this vulnerability allows an attacker to mistakenly send the same set of headers to hosts that are...
Auth/cookie leak on redirect
curl might leak authentication or cookie header data on HTTP redirects to the same host but another port number. When asked to send custom headers or cookies in its HTTP requests, curl sends that set of headers only to the host whose name is used in the initial URL, so that redirects to other hos...
PT-2022-2590 · Curl +11
Name of the Vulnerable Software and Affected Versions: curl versions prior to 7.83.0
Description: The issue is related to an insufficiently protected credentials vulnerability that may leak authentication or cookie header data on HTTP redirects to the same host but another port number. This could...