Sensitive Data Exposure in Excon HTTP Library for Ruby
CVE-2026-54171

6.5MEDIUM

Key Information:

Vendor

Excon

Status
Vendor
CVE Published:
17 July 2026

What is CVE-2026-54171?

The Excon HTTP library for Ruby includes a vulnerability within its RedirectFollower middleware prior to version 1.5.0. This flaw may lead to unintended exposure of sensitive data during redirect operations. Specifically, the middleware improperly handles additional sensitive headers, failing to strip them when following redirects. As a result, any header information from the original request that is not meant for the new target could inadvertently leak, potentially compromising sensitive data. Users are advised to update to version 1.5.0 or later to mitigate this risk.

Affected Version(s)

excon < 1.5.0

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.