CVE Catalog

CVE-2026-9079

Unknown
Published: Translated: NVD NIST

Summary

A flaw in libcurl caused the command to clear proxy authentication credentials to fail, leaving old credentials in memory. These credentials were then reused in subsequent transfers that should not have had access to them.

Risk Assessment

The organization is at risk of proxy credential leakage to unauthorized sessions, potentially leading to unauthorized network access and connection hijacking.

Recommendation

Immediately update libcurl to the latest patched version. After updating, regenerate and rotate all proxy passwords used within the organization.

Original NVD description (English source)

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS