CVE-2026-6253: Proxy Credential Leak in cURL 8.12.0–8.19.0
Platform: curl
Component: curl
Fixed in: 8.19.1
CVE-2026-6253 affects cURL versions 8.12.0 through 8.19.0 inclusive. The vulnerability lets credentials intended for one proxy be passed on to a second proxy, exposing them to whoever operates or can observe that second proxy. The issue arises from how cURL handles redirects between different URL schemes when different proxies are configured per scheme. The fix is in cURL 8.19.1.
Impact and attack scenarios
An attacker who controls a server the client talks to, or who can inject a response into that exchange, returns a redirect from one URL scheme to another (for example from http to https). If the client follows the redirect and has different proxies configured for the two schemes, cURL sends the credentials of the first proxy to the second proxy, even though the second proxy did not ask for authentication. The operator of the second proxy, or anyone able to observe traffic to it, thereby learns the first proxy's credentials and can reuse them against the first proxy or anywhere else those credentials are accepted. The blast radius is therefore bounded by what the leaked proxy credentials grant, not by the second proxy's own policy. The exposure is worst where proxy credentials gate access to internal resources and where clients routinely follow redirects across schemes.
Exploitation context
CVE-2026-6253 was published on 2026-05-13. No public proof-of-concept (PoC) code is known at the time of writing. The EPSS score is 0.02% (4th percentile), a low estimated probability of exploitation in the wild over the next 30 days; EPSS measures likelihood, not impact, so a low score does not reduce the value of the leaked credentials. Monitor security advisories and threat intelligence feeds for reports of active exploitation.
Threat analysis
Exploit status: no public PoC or active exploitation reported
EPSS: 0.02% (4th percentile)
Affected software: curl 8.12.0 through 8.19.0
Vulnerability classification (CWE): not stated
Timeline:
- Reserved
- Published: 2026-05-13
- EPSS updated
Mitigation and workarounds
The primary mitigation is to upgrade to cURL 8.19.1 or later, which fixes the credential forwarding. Until that is possible, remove the trigger rather than rely on proxy policy alone: since the leak occurs when a followed redirect crosses URL schemes and the two schemes use different proxies, either configure the same proxy and credentials for every scheme (so there is no second proxy to forward to) or stop affected clients from following redirects automatically (omit -L / CURLOPT_FOLLOWLOCATION) and handle Location headers explicitly. Treat proxy credentials that may already have reached an untrusted proxy as compromised and rotate them. Network segmentation and per-proxy authorization limit what leaked credentials can reach. Review proxy configurations so that every proxy enforces its own authentication and authorization and that each set of credentials is scoped to a single proxy.
How to fix
Upgrade to version 8.19.1 or later to avoid accidental disclosure of proxy credentials. The problem occurs when following redirects between different URL schemes while using proxies with and without credentials. Make sure your cURL version is up to date to mitigate this risk.
Frequently asked questions
What is CVE-2026-6253 — Proxy Credential Leak in cURL?
CVE-2026-6253 is a vulnerability in cURL versions 8.12.0 through 8.19.0 where credentials for a first proxy can be inadvertently passed to a second proxy due to how redirects are handled between different URL schemes. Severity pending evaluation.
Am I affected by CVE-2026-6253 in cURL?
You are affected if you run cURL 8.12.0 through 8.19.0 and have configured different proxies for different URL schemes with different authentication requirements (for example, credentials on one proxy and none on the other). Check your version with curl --version; the first line shows the version. Applications that bundle their own libcurl carry a separate copy and must be checked separately.
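The version check this answer recommends, together with an audit of the per-scheme proxy configuration that the mitigation section describes, as an added example that is not part of this advisory page or of the curl project. It assumes the affected range stated on this page (8.12.0 through 8.19.0), the usual form of the first line of `curl --version` (`curl X.Y.Z (...)`), and per-scheme proxies supplied through the `http_proxy` / `https_proxy` environment variables; the script name `curl_cve_check.sh` and the sample `curl --version` output used in the comments are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the advisory or the curl project. Assumes the affected
# range stated on this page (8.12.0 through 8.19.0) and that per-scheme proxies
# are configured through the http_proxy / https_proxy environment variables.

# Turn "MAJOR.MINOR.PATCH" into one integer so versions compare numerically
# without relying on GNU `sort -V`. Suffixes such as "-DEV" are dropped.
ver_num() {
  v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
  set -- $(printf '%s' "$v" | tr '.' ' ')
  echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# True (exit 0) when the version lies in the affected range, inclusive.
curl_affected() {
  n=$(ver_num "$1")
  [ "$n" -ge "$(ver_num 8.12.0)" ] && [ "$n" -le "$(ver_num 8.19.0)" ]
}

# Reads `curl --version` output on stdin and prints the version number. The
# first line has the form "curl 8.19.0 (x86_64-pc-linux-gnu) libcurl/8.19.0 ...".
curl_version_from_output() {
  head -n 1 | awk '$1 == "curl" { print $2 }'
}

# True when a proxy URL carries a userinfo part ("scheme://user:pass@host").
# Heuristic only: an "@" later in the URL would also match.
proxy_has_creds() {
  case "$1" in
    *://*@*) return 0 ;;
    *)       return 1 ;;
  esac
}

# True when exactly one of the two per-scheme proxy URLs carries credentials.
# That is the configuration the advisory describes: a redirect from one scheme
# to the other moves credentials from one proxy to a different one.
mixed_proxy_creds() {
  a=0; b=0
  if [ -n "$1" ] && proxy_has_creds "$1"; then a=1; fi
  if [ -n "$2" ] && proxy_has_creds "$2"; then b=1; fi
  [ "$a" -ne "$b" ]
}

# Live check of the current host. Exit status 1 when the installed curl is in
# the affected range, 2 when the version could not be determined, 0 otherwise.
check_system() {
  ver=$(curl --version 2>/dev/null | curl_version_from_output)
  if [ -z "$ver" ]; then
    echo "curl not found or version line not recognised"
    return 2
  fi
  if curl_affected "$ver"; then
    echo "curl $ver is in the affected range 8.12.0-8.19.0; upgrade to 8.19.1 or later"
    if mixed_proxy_creds "${http_proxy:-}" "${https_proxy:-}"; then
      echo "http_proxy and https_proxy differ in credentials: a cross-scheme redirect can leak them"
    fi
    return 1
  fi
  echo "curl $ver is outside the affected range"
  return 0
}

# Run the live check only when this file is executed as curl_cve_check.sh
# (file name assumed for the example), not when it is sourced for its functions.
case "$0" in
  *curl_cve_check.sh) check_system ;;
esac
```

Save the file as curl_cve_check.sh and run it on each host; a non-zero exit status marks a host that still needs the upgrade. The proxy audit only inspects the two environment variables, so proxies set in a .curlrc or passed on the command line with --proxy need to be checked by hand.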
How do I fix CVE-2026-6253 in cURL?
Upgrade to cURL version 8.19.1 or later to resolve the vulnerability. If immediate upgrade is not possible, review and strengthen proxy authentication policies.
Is CVE-2026-6253 being actively exploited?
Currently, there are no reports of active exploitation or publicly available proof-of-concept code for CVE-2026-6253. However, it's crucial to monitor for updates.
Where can I find the official cURL advisory for CVE-2026-6253?
Refer to the official cURL security advisory for CVE-2026-6253 on the cURL website: https://curl.se/security/.