Proxy Authentication Flaw in libcurl by Upstream Vendor
CVE-2026-9079

Currently unrated

Key Information:

Vendor

Curl

Status
Vendor
CVE Published:
3 July 2026

What is CVE-2026-9079?

libcurl contains a vulnerability that fails to properly clear proxy authentication credentials when requested. This oversight allows old credentials to remain stored and potentially be used in subsequent data transfers, which may expose sensitive information or allow unauthorized access to systems that should not utilize those credentials.

Affected Version(s)

curl 8.20.0

curl 8.19.0

curl 8.18.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Guancheng Li
Daniel Stenberg
.