Vulnerability Description
curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. while using the first proxy (using say `http://`), curl is asked to follow a redirect to a URL using another scheme (say `https://`), accessed using a second, different, proxy
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Haxx | Curl | >= 7.14.1, < 8.20.0 |
Related Weaknesses (CWE)
References
- https://curl.se/docs/CVE-2026-6253.htmlPatchVendor Advisory
- https://curl.se/docs/CVE-2026-6253.jsonVendor Advisory
- https://hackerone.com/reports/3669637ExploitIssue TrackingThird Party Advisory
- http://www.openwall.com/lists/oss-security/2026/04/29/11Mailing ListPatchThird Party Advisory
- https://hackerone.com/reports/3669637ExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2026-6253?
CVE-2026-6253 is a vulnerability with a CVSS score of 5.9 (MEDIUM). curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for differe...
How severe is CVE-2026-6253?
CVE-2026-6253 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-6253?
Check the references section above for vendor advisories and patch information. Affected products include: Haxx Curl.