CVE-2026-6429

EUVD-2026-29930
When asked to both use a `.netrc` file for credentials and to follow HTTP
redirects, libcurl could leak the password used for the first host to the
followed-to host under certain circumstances.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
curlCNA
5.3 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
curlcurl
𝑥
≤ 8.19.0
CNA
curlcurl
𝑥
≤ 8.18.0
CNA
curlcurl
𝑥
≤ 8.17.0
CNA
curlcurl
𝑥
≤ 8.16.0
CNA
curlcurl
𝑥
≤ 8.15.0
CNA
curlcurl
𝑥
≤ 8.14.1
CNA
curlcurl
𝑥
≤ 8.14.0
CNA
curlcurl
𝑥
≤ 8.13.0
CNA
curlcurl
𝑥
≤ 8.12.1
CNA
curlcurl
𝑥
≤ 8.12.0
CNA
curlcurl
𝑥
≤ 8.11.1
CNA
curlcurl
𝑥
≤ 8.11.0
CNA
curlcurl
𝑥
≤ 8.10.1
CNA
curlcurl
𝑥
≤ 8.10.0
CNA
curlcurl
𝑥
≤ 8.9.1
CNA
curlcurl
𝑥
≤ 8.9.0
CNA
curlcurl
𝑥
≤ 8.8.0
CNA
curlcurl
𝑥
≤ 8.7.1
CNA
curlcurl
𝑥
≤ 8.7.0
CNA
curlcurl
𝑥
≤ 8.6.0
CNA
curlcurl
𝑥
≤ 8.5.0
CNA
curlcurl
𝑥
≤ 8.4.0
CNA
curlcurl
𝑥
≤ 8.3.0
CNA
curlcurl
𝑥
≤ 8.2.1
CNA
curlcurl
𝑥
≤ 8.2.0
CNA
curlcurl
𝑥
≤ 8.1.2
CNA
curlcurl
𝑥
≤ 8.1.1
CNA
curlcurl
𝑥
≤ 8.1.0
CNA
curlcurl
𝑥
≤ 8.0.1
CNA
curlcurl
𝑥
≤ 8.0.0
CNA
curlcurl
𝑥
≤ 7.88.1
CNA
curlcurl
𝑥
≤ 7.88.0
CNA
curlcurl
𝑥
≤ 7.87.0
CNA
curlcurl
𝑥
≤ 7.86.0
CNA
curlcurl
𝑥
≤ 7.85.0
CNA
curlcurl
𝑥
≤ 7.84.0
CNA
curlcurl
𝑥
≤ 7.83.1
CNA
curlcurl
𝑥
≤ 7.83.0
CNA
curlcurl
𝑥
≤ 7.82.0
CNA
curlcurl
𝑥
≤ 7.81.0
CNA
curlcurl
𝑥
≤ 7.80.0
CNA
curlcurl
𝑥
≤ 7.79.1
CNA
curlcurl
𝑥
≤ 7.79.0
CNA
curlcurl
𝑥
≤ 7.78.0
CNA
curlcurl
𝑥
≤ 7.77.0
CNA
curlcurl
𝑥
≤ 7.76.1
CNA
curlcurl
𝑥
≤ 7.76.0
CNA
curlcurl
𝑥
≤ 7.75.0
CNA
curlcurl
𝑥
≤ 7.74.0
CNA
curlcurl
𝑥
≤ 7.73.0
CNA
curlcurl
𝑥
≤ 7.72.0
CNA
curlcurl
𝑥
≤ 7.71.1
CNA
curlcurl
𝑥
≤ 7.71.0
CNA
curlcurl
𝑥
≤ 7.70.0
CNA
curlcurl
𝑥
≤ 7.69.1
CNA
curlcurl
𝑥
≤ 7.69.0
CNA
curlcurl
𝑥
≤ 7.68.0
CNA
curlcurl
𝑥
≤ 7.67.0
CNA
curlcurl
𝑥
≤ 7.66.0
CNA
curlcurl
𝑥
≤ 7.65.3
CNA
curlcurl
𝑥
≤ 7.65.2
CNA
curlcurl
𝑥
≤ 7.65.1
CNA
curlcurl
𝑥
≤ 7.65.0
CNA
curlcurl
𝑥
≤ 7.64.1
CNA
curlcurl
𝑥
≤ 7.64.0
CNA
curlcurl
𝑥
≤ 7.63.0
CNA
curlcurl
𝑥
≤ 7.62.0
CNA
curlcurl
𝑥
≤ 7.61.1
CNA
curlcurl
𝑥
≤ 7.61.0
CNA
curlcurl
𝑥
≤ 7.60.0
CNA
curlcurl
𝑥
≤ 7.59.0
CNA
curlcurl
𝑥
≤ 7.58.0
CNA
curlcurl
𝑥
≤ 7.57.0
CNA
curlcurl
𝑥
≤ 7.56.1
CNA
curlcurl
𝑥
≤ 7.56.0
CNA
curlcurl
𝑥
≤ 7.55.1
CNA
curlcurl
𝑥
≤ 7.55.0
CNA
curlcurl
𝑥
≤ 7.54.1
CNA
curlcurl
𝑥
≤ 7.54.0
CNA
curlcurl
𝑥
≤ 7.53.1
CNA
curlcurl
𝑥
≤ 7.53.0
CNA
curlcurl
𝑥
≤ 7.52.1
CNA
curlcurl
𝑥
≤ 7.52.0
CNA
curlcurl
𝑥
≤ 7.51.0
CNA
curlcurl
𝑥
≤ 7.50.3
CNA
curlcurl
𝑥
≤ 7.50.2
CNA
curlcurl
𝑥
≤ 7.50.1
CNA
curlcurl
𝑥
≤ 7.50.0
CNA
curlcurl
𝑥
≤ 7.49.1
CNA
curlcurl
𝑥
≤ 7.49.0
CNA
curlcurl
𝑥
≤ 7.48.0
CNA
curlcurl
𝑥
≤ 7.47.1
CNA
curlcurl
𝑥
≤ 7.47.0
CNA
curlcurl
𝑥
≤ 7.46.0
CNA
curlcurl
𝑥
≤ 7.45.0
CNA
curlcurl
𝑥
≤ 7.44.0
CNA
curlcurl
𝑥
≤ 7.43.0
CNA
curlcurl
𝑥
≤ 7.42.1
CNA
curlcurl
𝑥
≤ 7.42.0
CNA
curlcurl
𝑥
≤ 7.41.0
CNA
curlcurl
𝑥
≤ 7.40.0
CNA
curlcurl
𝑥
≤ 7.39.0
CNA
curlcurl
𝑥
≤ 7.38.0
CNA
curlcurl
𝑥
≤ 7.37.1
CNA
curlcurl
𝑥
≤ 7.37.0
CNA
curlcurl
𝑥
≤ 7.36.0
CNA
curlcurl
𝑥
≤ 7.35.0
CNA
curlcurl
𝑥
≤ 7.34.0
CNA
curlcurl
𝑥
≤ 7.33.0
CNA
curlcurl
𝑥
≤ 7.32.0
CNA
curlcurl
𝑥
≤ 7.31.0
CNA
curlcurl
𝑥
≤ 7.30.0
CNA
curlcurl
𝑥
≤ 7.29.0
CNA
curlcurl
𝑥
≤ 7.28.1
CNA
curlcurl
𝑥
≤ 7.28.0
CNA
curlcurl
𝑥
≤ 7.27.0
CNA
curlcurl
𝑥
≤ 7.26.0
CNA
curlcurl
𝑥
≤ 7.25.0
CNA
curlcurl
𝑥
≤ 7.24.0
CNA
curlcurl
𝑥
≤ 7.23.1
CNA
curlcurl
𝑥
≤ 7.23.0
CNA
curlcurl
𝑥
≤ 7.22.0
CNA
curlcurl
𝑥
≤ 7.21.7
CNA
curlcurl
𝑥
≤ 7.21.6
CNA
curlcurl
𝑥
≤ 7.21.5
CNA
curlcurl
𝑥
≤ 7.21.4
CNA
curlcurl
𝑥
≤ 7.21.3
CNA
curlcurl
𝑥
≤ 7.21.2
CNA
curlcurl
𝑥
≤ 7.21.1
CNA
curlcurl
𝑥
≤ 7.21.0
CNA
curlcurl
𝑥
≤ 7.20.1
CNA
curlcurl
𝑥
≤ 7.20.0
CNA
curlcurl
𝑥
≤ 7.19.7
CNA
curlcurl
𝑥
≤ 7.19.6
CNA
curlcurl
𝑥
≤ 7.19.5
CNA
curlcurl
𝑥
≤ 7.19.4
CNA
curlcurl
𝑥
≤ 7.19.3
CNA
curlcurl
𝑥
≤ 7.19.2
CNA
curlcurl
𝑥
≤ 7.19.1
CNA
curlcurl
𝑥
≤ 7.19.0
CNA
curlcurl
𝑥
≤ 7.18.2
CNA
curlcurl
𝑥
≤ 7.18.1
CNA
curlcurl
𝑥
≤ 7.18.0
CNA
curlcurl
𝑥
≤ 7.17.1
CNA
curlcurl
𝑥
≤ 7.17.0
CNA
curlcurl
𝑥
≤ 7.16.4
CNA
curlcurl
𝑥
≤ 7.16.3
CNA
curlcurl
𝑥
≤ 7.16.2
CNA
curlcurl
𝑥
≤ 7.16.1
CNA
curlcurl
𝑥
≤ 7.16.0
CNA
curlcurl
𝑥
≤ 7.15.5
CNA
curlcurl
𝑥
≤ 7.15.4
CNA
curlcurl
𝑥
≤ 7.15.3
CNA
curlcurl
𝑥
≤ 7.15.2
CNA
curlcurl
𝑥
≤ 7.15.1
CNA
curlcurl
𝑥
≤ 7.15.0
CNA
curlcurl
𝑥
≤ 7.14.1
CNA
curlcurl
𝑥
≤ 7.14.0
CNA
Debian logo
Debian Releases
Debian Product
Codename
curl
bookworm
no-dsa
bookworm (security)
vulnerable
bullseye
postponed
bullseye (security)
vulnerable
forky
8.20.0-1
fixed
sid
8.20.0-1
fixed
trixie
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
curl
bionic
needed
focal
needed
jammy
Fixed 7.81.0-1ubuntu1.24
released
noble
Fixed 8.5.0-2ubuntu10.9
released
questing
Fixed 8.14.1-2ubuntu1.3
released
resolute
Fixed 8.18.0-1ubuntu2.1
released
trusty
needed
xenial
needed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
curl
suse enterprise sap 15 SP4
8.14.1-150400.5.83.1
fixed
suse enterprise sap 15 SP5
8.14.1-150400.5.83.1
fixed
suse enterprise server 15 SP4
8.14.1-150400.5.83.1
fixed
suse enterprise server 15 SP5
8.14.1-150400.5.83.1
fixed
libcurl-devel
suse enterprise sap 15 SP4
8.14.1-150400.5.83.1
fixed
suse enterprise sap 15 SP5
8.14.1-150400.5.83.1
fixed
suse enterprise server 15 SP4
8.14.1-150400.5.83.1
fixed
suse enterprise server 15 SP5
8.14.1-150400.5.83.1
fixed
libcurl4
suse enterprise sap 15 SP4
8.14.1-150400.5.83.1
fixed
suse enterprise sap 15 SP5
8.14.1-150400.5.83.1
fixed
suse enterprise server 15 SP4
8.14.1-150400.5.83.1
fixed
suse enterprise server 15 SP5
8.14.1-150400.5.83.1
fixed
libcurl4-32bit
suse enterprise sap 15 SP4
8.14.1-150400.5.83.1
fixed
suse enterprise sap 15 SP5
8.14.1-150400.5.83.1
fixed
suse enterprise server 15 SP4
8.14.1-150400.5.83.1
fixed
suse enterprise server 15 SP5
8.14.1-150400.5.83.1
fixed
Vulnerability Media Exposure
References
https://curl.se/docs/CVE-2026-6429.html
https://curl.se/docs/CVE-2026-6429.json
https://hackerone.com/reports/3677759