🔐 CVE Alert

CVE-2026-9079

UNKNOWN 0.0

stale proxy password leak

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them.

Vendor curl
Product curl
Published Jul 3, 2026
Stay Ahead of the Next One

Get instant alerts for curl curl

Be the first to know when new unknown vulnerabilities affecting curl curl are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

curl / curl
8.20.0 ≤ 8.20.0 8.19.0 ≤ 8.19.0 8.18.0 ≤ 8.18.0 8.17.0 ≤ 8.17.0 8.16.0 ≤ 8.16.0 8.15.0 ≤ 8.15.0 8.14.1 ≤ 8.14.1 8.14.0 ≤ 8.14.0 8.13.0 ≤ 8.13.0 8.12.1 ≤ 8.12.1 8.12.0 ≤ 8.12.0 8.11.1 ≤ 8.11.1 8.11.0 ≤ 8.11.0 8.10.1 ≤ 8.10.1 8.10.0 ≤ 8.10.0 8.9.1 ≤ 8.9.1 8.9.0 ≤ 8.9.0 8.8.0 ≤ 8.8.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗
curl.se: https://curl.se/docs/CVE-2026-9079.json curl.se: https://curl.se/docs/CVE-2026-9079.html hackerone.com: https://hackerone.com/reports/3750295

Credits

Guancheng Li Daniel Stenberg