4 matches found
CLSA-2026-1779372929 curl: Fix of CVE-2026-7168
CVE-2026-7168: clear proxy Digest auth state when CURLOPTPROXY is reassigned to a different proxy host on the same easy handle so a stale Proxy-Authorization header is not replayed to the new proxy...
curl: CVE-2026-8927: env-set cross-proxy Digest auth state leak
AI-assisted preparation note I used AI assistance to help structure and format this report, but the technical findings, PoC, and verification results are based on local testing against curl/libcurl 8.20.0. Summary I found a possible incomplete-fix variant of CVE-2026-7168 in libcurl 8.20.0. The...
libcurl 7.12.0 < 8.20.0 Cross-Proxy Digest Auth State Leak
The version of libcurl installed on the remote host is 7.12.0 prior to 8.20.0. It is, therefore, affected by a cross-proxy digest auth state leak vulnerability: - libcurl improperly handles Digest authentication headers when reusing handles across different HTTP proxies. When a client switches fr...
USN-7055-1 freeradius vulnerability
Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl discovered that FreeRADIUS incorrectly authenticated certain responses. An attacker able to intercept communications between a RADIUS client and server could possibly use this issue to forge responses,...