Proxy Authentication Leak in libcurl Affects Multiple Network Transfers
CVE-2026-8927
Currently unrated
What is CVE-2026-8927?
A vulnerability in libcurl occurs when reusing a handle for sequential transfers with environment-variable proxy settings. The issue arises when authentication credentials for one proxy (proxyA using Digest authentication) are not cleared before a subsequent transfer through a different proxy (proxyB). This flaw leads to the unintentional exposure of sensitive Proxy-Authorization: headers, posing a risk of unauthorized access to proxies.
Affected Version(s)
curl 8.20.0
curl 8.19.0
curl 8.18.0
