CVE-2026-9079

critical

Description

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them.

References

https://hackerone.com/reports/3750295

https://curl.se/docs/CVE-2026-9079.json

https://curl.se/docs/CVE-2026-9079.html

Details

Source: Mitre, NVD

Published: 2026-07-03

Updated: 2026-07-07

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.0025