
CVE-2026-6429: Credentials Leak in cURL 8.12.0–8.19.0

Platform: c

Component: curl

Fixed in: 8.19.1

CVE-2026-6429 is a security vulnerability affecting cURL versions 8.12.0 through 8.19.0. This issue arises when cURL is configured to use a .netrc file for authentication and simultaneously follows HTTP redirects. Under specific conditions, the password used for the initial host can be inadvertently leaked to the redirected host, compromising sensitive credentials.

Impact and Attack Scenarios

The primary impact of CVE-2026-6429 is the potential for credential leakage. An attacker who can control the HTTP redirect destination can trick cURL into sending the initial host's password to a malicious server. This could lead to unauthorized access to systems and data protected by those credentials. The blast radius depends on the sensitivity of the credentials stored in the .netrc file and the permissions associated with the affected cURL instances. This vulnerability shares similarities with other authentication bypass vulnerabilities where improper handling of credentials can lead to privilege escalation or data exfiltration.

Exploitation Context

CVE-2026-6429 was published on May 13, 2026. The EPSS score is pending evaluation. Currently, there are no publicly available proof-of-concept exploits. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting this vulnerability.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No

EPSS: 0.02% (4th percentile)

Affected Software

Component: curl
Vendor: curl
Minimum version: 8.12.0
Maximum version: 8.19.0
Fixed in: 8.19.1

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. EPSS updated

Mitigation and Workarounds

The recommended mitigation for CVE-2026-6429 is to upgrade to cURL version 8.19.1 or later, which contains the fix. If upgrading is not immediately feasible, consider disabling HTTP redirects or restricting the use of .netrc files in environments where this vulnerability poses a significant risk. As a temporary workaround, carefully review and restrict the domains that cURL is allowed to access, limiting the potential for redirection to malicious sites. After upgrading, verify the fix by attempting a transfer with a redirect and confirming that the password is not exposed in the redirected request.
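As an added illustration (not curl's code, and not a description of curl's internals), the following Python models the failure mode this advisory describes and the post-upgrade check: credentials resolved for the first host are carried across a redirect to a different host, versus re-resolving them per hop, plus a check over captured requests that flags any host which received a Basic password .netrc assigns to another machine. Hostnames, logins and passwords are constructed placeholders; the header-capture format is assumed.

```python
import base64
from urllib.parse import urlsplit

# Constructed .netrc entries, machine -> (login, password); hosts and secrets are placeholders.
NETRC = {
    "api.example.internal": ("svc-user", "s3cret-origin"),
    "mirror.example.net": ("mirror-user", "s3cret-mirror"),
}

def credentials_for(entries, host):
    """Entry for one host, falling back to a 'default' entry (stored under '*') if present."""
    return entries.get(host) or entries.get("*")

def credentials_per_hop(entries, chain, reuse_initial):
    """(host, credentials) a client would send at each hop of a redirect chain.
    reuse_initial=True models the leak: credentials resolved for the first host follow
    every redirect. False re-resolves per hop, which is what a fixed client must do."""
    hosts = [urlsplit(url).hostname for url in chain]
    first = credentials_for(entries, hosts[0])
    return [(h, first if reuse_initial else credentials_for(entries, h)) for h in hosts]

def leaked_hops(entries, chain):
    """Hosts that would receive a password .netrc assigns to a different machine."""
    return [h for h, creds in credentials_per_hop(entries, chain, True)
            if creds and creds != credentials_for(entries, h)]

def basic_header(login, password):
    """Authorization header value a client sends for HTTP Basic auth."""
    return "Basic " + base64.b64encode(f"{login}:{password}".encode()).decode()

def leaked_from_capture(entries, requests):
    """Post-upgrade check over captured requests [(host, headers)]: hosts that received
    a Basic password which .netrc assigns to another machine."""
    owner_of = {pw: machine for machine, (_, pw) in entries.items() if pw}
    leaks = []
    for host, headers in requests:
        auth = headers.get("authorization", "")
        if auth.lower().startswith("basic "):
            user_pass = base64.b64decode(auth.split(None, 1)[1]).decode()
            owner = owner_of.get(user_pass.partition(":")[2])
            if owner and owner not in (host, "*"):
                leaks.append(host)
    return leaks

# Constructed capture: what both hosts would log when a leaking client follows a
# redirect from api.example.internal to mirror.example.net.
CAPTURE = [
    ("api.example.internal", {"authorization": basic_header("svc-user", "s3cret-origin")}),
    ("mirror.example.net", {"authorization": basic_header("svc-user", "s3cret-origin")}),
]
```

To verify an upgraded client, point it at a local server that redirects to a second local host, log the headers each host receives, and feed them to leaked_from_capture; an empty result means no cross-host password reuse was observed.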

How to Fix

Update to version 8.19.1 or later to prevent the credential leak. This issue occurs when a .netrc file is used and HTTP redirects are followed, so it is important to apply the update as soon as possible to protect confidential information.

Frequently Asked Questions

What is CVE-2026-6429 — Credentials Leak in cURL?

CVE-2026-6429 is a vulnerability in cURL versions 8.12.0 through 8.19.0 where passwords from .netrc files can be leaked during HTTP redirects, potentially exposing credentials to attackers.

Am I affected by CVE-2026-6429 in cURL?

You are affected if you are using cURL versions 8.12.0 through 8.19.0 and your application uses both .netrc files for authentication and follows HTTP redirects.

How do I fix CVE-2026-6429 in cURL?

Upgrade to cURL version 8.19.1 or later to resolve the vulnerability. As a temporary workaround, disable HTTP redirects or restrict .netrc file usage.

Is CVE-2026-6429 being actively exploited?

Currently, there are no publicly known active exploitation campaigns targeting CVE-2026-6429, but monitoring is advised.

Where can I find the official cURL advisory for CVE-2026-6429?

Refer to the official cURL security advisories on the cURL website for the latest information and updates regarding CVE-2026-6429: https://curl.se/security/
