Back to CVE List

CVE-2026-8927

Vulnerability Description

When reusing a libcurl handle for sequential transfers driven by
environment-variable proxy configuration, libcurl fails to clear the proxy
authentication state between requests. Specifically, if the initial transfer
authenticates against `proxyA` using Digest auth, a subsequent transfer routed
through `proxyB` erroneously leaks the `Proxy-Authorization:` header intended
solely for `proxyA`.

Vulnerability Details

Published Date
Last Modified
Source
NVD

External References

Discussion (0)

Add Comment

No comments yet. Be the first!