CVE Vulnerabilities

CVE-2026-9079

Insufficiently Protected Credentials

Published: Jul 03, 2026 | Modified: Jul 07, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them.

Weakness

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Affected Software

NameVendorStart VersionEnd Version
CurlHaxx8.8.0 (including)8.21.0 (excluding)
Red Hat Hardened ImagesRedHatrust-main-1.96.1-1.hum1*
CurlUbuntudevel*
CurlUbuntuquesting*
CurlUbunturesolute*
CurlUbuntuupstream*

Potential Mitigations

References