CVEFinder.io

CVE-2026-6253

🔶 medium
🔍 Scan for this CVE
Summary

curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. while using the first proxy (using say `http://`), curl is asked to follow a redirect to a URL using another scheme (say `https://`), accessed using a second, different, proxy

CVSS Score
5.9
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-13
First Seen: 2026-05-17
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 33.3% of all 329,456 vulnerabilities in our database.

#219,613
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 13, 2026
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
Dwij Mehta (O2 Lab Texas A&M University) Daniel Stenberg (remediation developer)
SSVC data provided by CISA
Last Modified 2026-05-14
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-522

📦 Affected Products 1

Vendor Product Status Affected Versions
haxx curl Affected
> 7.14.1 < 8.20.0

🔗 References 4

https://curl.se/docs/CVE-2026-6253.html
Patch Vendor Advisory
https://curl.se/docs/CVE-2026-6253.json
Vendor Advisory
https://hackerone.com/reports/3669637
Exploit Issue Tracking Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/04/2...
Mailing List Patch Third Party Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-4873 🔶 medium 5.9 0.0 A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the s... 2026-05-13
CVE-2026-6276 ⚠️ high 7.5 0.0 Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done u... 2026-05-13
CVE-2026-6429 🔶 medium 5.3 0.0 When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password use... 2026-05-13
CVE-2026-7009 🔶 medium 5.3 0.0 When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP stapling*, to verify t... 2026-05-13
CVE-2026-7168 🔶 medium 5.3 0.1 Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and the... 2026-05-13
CVE-2026-1965 🔶 medium 6.5 0.1 libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS r... 2026-03-11
These CVEs affect the same products