Lucene search
K

11 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS0.00589EPSS
Exploits1References3
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-41508

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

5.9AI score0.00589EPSS
Exploits1References3
Cvelist
Cvelist
added 5 days ago39 views

CVE-2026-8927 env-set cross-proxy Digest auth state leak

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

0.00589EPSS
Exploits1References3
CVE
CVE
added 5 days ago18 views

CVE-2026-8927

CVE-2026-8927 involves libcurl when reusing a handle for sequential transfers driven by environment-variable proxies. The root cause is failure to clear proxy authentication state between requests, causing a Digest-auth session authenticated to proxyA to leak the Proxy-Authorization header to pro...

9.1CVSS5.9AI score0.00589EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 5 days ago6 views

CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS5.9AI score0.00589EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

libcurl 7.12.0 < 8.21.0 Cross-Proxy Digest Auth State Leak

The version of libcurl installed on the remote host is 7.12.0 prior to 8.21.0. It is, therefore, affected by a proxy credential disclosure vulnerability: - When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy...

9.1CVSS5.8AI score0.00589EPSS
Exploits1References2
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS5.9AI score0.00589EPSS
Exploits1References4
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.5 views

env-set cross-proxy Digest auth state leak

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS5.8AI score0.00589EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2026/06/24 8:0 a.m.5 views

CURL-CVE-2026-8927 env-set cross-proxy Digest auth state leak

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

9.1CVSS5.8AI score0.00589EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51750

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description When reusing a handle for sequential transfers driven by environment-variable proxy configuration, the software fails to clear the proxy authentication state between requests. If an initial...

5.8AI score0.00589EPSS
Exploits1References20
Cvelist
Cvelist
added 2026/03/18 1:34 a.m.30 views

CVE-2026-22181 OpenClaw < 2026.3.2 - DNS Pinning Bypass via Environment Proxy Configuration in web_fetch

OpenClaw versions prior to 2026.3.2 contain a DNS pinning bypass vulnerability in strict URL fetch paths that allows attackers to circumvent SSRF guards when environment proxy variables are configured. When HTTPPROXY, HTTPSPROXY, or ALLPROXY environment variables are present, attacker-influenced...

7.6CVSS0.00221EPSS
Exploits0References3
Rows per page
Query Builder