CVEFinder.io

CVE-2026-6276

⚠️ high
🔍 Scan for this CVE
Summary

Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.

CVSS Score
7.5
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-13
First Seen: 2026-05-17
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 68.9% of all 329,456 vulnerabilities in our database.

#102,448
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 13, 2026
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
Muhamad Arga Reksapati Daniel Stenberg (remediation developer)
SSVC data provided by CISA
Last Modified 2026-05-14
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-319

📦 Affected Products 1

Vendor Product Status Affected Versions
haxx curl Affected
> 7.71.0 < 8.20.0

🔗 References 4

https://curl.se/docs/CVE-2026-6276.html
Patch Vendor Advisory
https://curl.se/docs/CVE-2026-6276.json
Product
https://hackerone.com/reports/3671818
Exploit Issue Tracking Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/04/2...
Mailing List Third Party Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-4873 🔶 medium 5.9 0.0 A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the s... 2026-05-13
CVE-2026-6253 🔶 medium 5.9 0.0 curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following cond... 2026-05-13
CVE-2026-6429 🔶 medium 5.3 0.0 When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password use... 2026-05-13
CVE-2026-7009 🔶 medium 5.3 0.0 When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP stapling*, to verify t... 2026-05-13
CVE-2026-7168 🔶 medium 5.3 0.1 Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and the... 2026-05-13
CVE-2026-1965 🔶 medium 6.5 0.1 libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS r... 2026-03-11
These CVEs affect the same products