315 matches found

Snyk
added 2026/05/07 1:49 a.m., 12 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in the RedirectHandler function. An attacker can obtain sensitive information such as session cookies, proxy credentials, and API keys by inducing a cross-host or cross-scheme redirect, causing these headers to be forwarde...

CVSS: 7, AI score: 5.8, EPSS: 0.00505
Exploits: 0, References: 2

SUSE Linux
added 2026/05/06 12:14 p.m., 7 views

Security update for curl

This update for curl fixes the following issues: Security issues fixed: CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. CVE-2026-6276:...

CVSS: 8.3, AI score: 7, EPSS: 0.00639
Exploits: 5, References: 24

OSV
added 2026/05/06 12:13 p.m., 8 views

SUSE-SU-2026:1717-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. -...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00639
Exploits: 5, References: 13

Tenable Nessus
added 2026/05/05 12:0 a.m., 17 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : curl vulnerabilities (USN-8227-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8227-1 advisory. It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations....

CVSS: 7.5, AI score: 5.9, EPSS: 0.00639
Exploits: 7, References: 8

OSV
added 2026/05/04 1:12 p.m., 7 views

JLSEC-2026-438 curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the...

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

CVSS: 6.5, AI score: 7.1, EPSS: 0.00302
Exploits: 1, References: 6

OSV
added 2026/05/04 11:40 a.m., 11 views

USN-8227-1 curl vulnerabilities

It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2026-4873 It was discovered that curl incorrectly reused certain HTTP Negotiate connection...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00639
Exploits: 7, References: 8

Tenable Nessus
added 2026/05/01 12:0 a.m., 6 views

Curl 7.14.1 < 8.20.0 Proxy Credential Disclosure

The version of curl installed on the remote host is 7.14.1 prior to 8.20.0. It is, therefore, affected by a proxy credential disclosure vulnerability: - curl might erroneously pass on credentials for a first proxy to a second proxy. This flaw occurs when different proxies are configured for...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00639
Exploits: 1, References: 2

OSV
added 2026/04/30 2:46 p.m., 4 views

SUSE-SU-2026:21452-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. -...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00639
Exploits: 5, References: 13

OSV
added 2026/04/29 2:0 p.m., 3 views

UBUNTU-CVE-2026-6253

curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. whil...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00639
Exploits: 1, References: 4

UbuntuCve
added 2026/04/29 2:0 p.m., 3 views

CVE-2026-6253

curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. whil...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00639
Exploits: 1, References: 3

OSV
added 2026/04/29 8:0 a.m., 4 views

CURL-CVE-2026-6253 proxy credentials leak over redirect-to proxy

curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. whil...

CVSS: 5.9, AI score: 5.4, EPSS: 0.00639
Exploits: 1

curl security advisories
added 2026/04/29 8:0 a.m., 5 views

proxy credentials leak over redirect-to proxy

curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. whil...

CVSS: 5.9, AI score: 5.2, EPSS: 0.00639
Exploits: 1, References: 1, Affected Software: 2

Positive Technologies
added 2026/04/29 12:0 a.m., 4 views

PT-2026-35894

Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description curl may erroneously pass credentials intended for a first proxy to a second proxy. This occurs when curl is configured to use different proxies for different URL schemes, the first proxy requir...

CVSS: 7.5, AI score: 5.2, EPSS: 0.00639
Exploits: 5, References: 57

Snyk
added 2026/04/29 12:0 a.m., 4 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via improper handling of proxy authentication during redirects when distinct proxies are configured for different URL schemes. An attacker can obtain sensitive proxy credentials by intercepting traff...

CVSS: 8.2, AI score: 5.8, EPSS: 0.00639
Exploits: 1, References: 2

Tenable Nessus
added 2026/04/27 12:0 a.m., 10 views

Fedora 44 : curl (2026-f13d888b0f)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f13d888b0f advisory. - Fix bad reuse of HTTP Negotiate connection CVE-2026-1965 - Fix token leak with redirect and netrc CVE-2026-3783 - Fix wrong proxy connection reuse...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00715
Exploits: 4, References: 5

Tenable Nessus
added 2026/04/23 12:0 a.m., 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libsoup (UTSA-2026-014297)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014297 advisory. A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects,...

CVSS: 5.8, AI score: 5.5, EPSS: 0.00237
Exploits: 0, References: 4

OSV
added 2026/04/21 9:31 a.m., 6 views

CLSA-2026-1776763910 libsoup: Fix of 2 CVEs

CVE-2026-1467: validate URI host characters when checking if a URI is valid - CVE-2026-1539: fix proxy credentials leak on cross-origin HTTP redirect...

CVSS: 5.8, AI score: 5.8, EPSS: 0.00312
Exploits: 1, References: 1

OSV
added 2026/04/21 9:20 a.m., 6 views

CLSA-2026-1776763201 libsoup: Fix of 2 CVEs

CVE-2026-1467: validate URI host characters when checking if a URI is valid - CVE-2026-1539: fix proxy credentials leak on cross-origin HTTP redirect...

CVSS: 5.8, AI score: 6.1, EPSS: 0.00312
Exploits: 1, References: 1

Veracode
added 2026/04/21 7:3 a.m., 13 views

Improper Access Control

github.com/redhatinsights/runtimes-inventory-operator is vulnerable to improper access control. The vulnerability is due to a misconfigured internal proxy that attaches administrative credentials to all commands, which allows a standard user to send unauthorized commands and gain full cluster...

CVSS: 8.7, AI score: 7.3, EPSS: 0.00215
Exploits: 0, References: 4, Affected Software: 1

Tenable Nessus
added 2026/04/20 12:0 a.m., 7 views

Fedora 43 : curl (2026-66db242036)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-66db242036 advisory. - Fix bad reuse of HTTP Negotiate connection CVE-2026-1965 - Fix token leak with redirect and netrc CVE-2026-3783 - Fix wrong proxy connection reuse...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00715
Exploits: 4, References: 5