{ "document" : { "aggregate_severity" : { "namespace" : "https://access.redhat.com/security/updates/classification/", "text" : "Moderate" }, "category" : "csaf_security_advisory", "csaf_version" : "2.0", "distribution" : { "text" : "Copyright © Red Hat, Inc. All rights reserved.", "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "en", "notes" : [ { "category" : "summary", "text" : "An update for Red Hat Hardened Images RPMs is now available.", "title" : "Topic" }, { "category" : "general", "text" : "This update includes the following RPMs:\n\ncurl:\n * curl-8.20.0-0.1.hum1 (aarch64, x86_64)\n * libcurl-8.20.0-0.1.hum1 (aarch64, x86_64)\n * libcurl-devel-8.20.0-0.1.hum1 (aarch64, x86_64)\n * libcurl-minimal-8.20.0-0.1.hum1 (aarch64, x86_64)\n * curl-8.20.0-0.1.hum1.src (src)", "title" : "Details" }, { "category" : "legal_disclaimer", "text" : "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title" : "Terms of Use" } ], "publisher" : { "category" : "vendor", "contact_details" : "https://access.redhat.com/security/team/contact/", "issuing_authority" : "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name" : "Red Hat Product Security", "namespace" : "https://www.redhat.com" }, "references" : [ { "category" : "self", "summary" : "https://access.redhat.com/errata/RHSA-2026:12916", "url" : "https://access.redhat.com/errata/RHSA-2026:12916" }, { "category" : "external", "summary" : "https://images.redhat.com/", "url" : "https://images.redhat.com/" }, { "category" : "external", "summary" : "https://access.redhat.com/security/cve/CVE-2026-6253", "url" : "https://access.redhat.com/security/cve/CVE-2026-6253" }, { "category" : "external", "summary" : "https://access.redhat.com/security/updates/classification/", "url" : "https://access.redhat.com/security/updates/classification/" }, { "category" : "external", "summary" : "https://access.redhat.com/security/cve/CVE-2026-6429", "url" : "https://access.redhat.com/security/cve/CVE-2026-6429" }, { "category" : "external", "summary" : "https://access.redhat.com/security/cve/CVE-2026-6276", "url" : "https://access.redhat.com/security/cve/CVE-2026-6276" }, { "category" : "external", "summary" : "https://access.redhat.com/security/cve/CVE-2026-5773", "url" : "https://access.redhat.com/security/cve/CVE-2026-5773" }, { "category" : "external", "summary" : "https://access.redhat.com/security/cve/CVE-2026-5545", "url" : "https://access.redhat.com/security/cve/CVE-2026-5545" }, { "category" : "external", "summary" : "https://access.redhat.com/security/cve/CVE-2026-4873", "url" : "https://access.redhat.com/security/cve/CVE-2026-4873" }, { "category" : "self", "summary" : "Canonical URL", "url" : "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_12916.json" } ], "title" : "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update", "tracking" : { "current_release_date" : "2026-05-02T11:51:49+00:00", "generator" : { "date" : "2026-05-02T11:51:49+00:00", "engine" : { "name" : "Red Hat SDEngine", "version" : "4.7.7" } }, "id" : "RHSA-2026:12916", "initial_release_date" : "2026-05-02T00:23:55+00:00", "revision_history" : [ { "date" : "2026-05-02T00:23:55+00:00", "number" : "1", "summary" : "Initial version" }, { "date" : "2026-05-02T11:36:09+00:00", "number" : "2", "summary" : "Last updated version" }, { "date" : "2026-05-02T11:51:49+00:00", "number" : "3", "summary" : "Last generated version" } ], "status" : "final", "version" : "3" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Red Hat Hardened Images", "product" : { "name" : "Red Hat Hardened Images", "product_id" : "Red Hat Hardened Images", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:hummingbird:1" } } } ], "category" : "product_family", "name" : "Red Hat Hardened Images" }, { "branches" : [ { "category" : "product_version", "name" : "curl-main@aarch64", "product" : { "name" : "curl-main@aarch64", "product_id" : "curl-main@aarch64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/curl@8.20.0-0.1.hum1?arch=aarch64&distro=hummingbird-20251124&repository_id=public-hummingbird-aarch64-rpms" } } } ], "category" : "architecture", "name" : "aarch64" }, { "branches" : [ { "category" : "product_version", "name" : "curl-main@src", "product" : { "name" : "curl-main@src", "product_id" : "curl-main@src", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/curl@8.20.0-0.1.hum1?arch=src&distro=hummingbird-20251124&repository_id=public-hummingbird-source-rpms" } } } ], "category" : "architecture", "name" : "src" }, { "branches" : [ { "category" : "product_version", "name" : "curl-main@x86_64", "product" : { "name" : "curl-main@x86_64", "product_id" : "curl-main@x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/curl@8.20.0-0.1.hum1?arch=x86_64&distro=hummingbird-20251124&repository_id=public-hummingbird-x86_64-rpms" } } } ], "category" : "architecture", "name" : "x86_64" } ], "category" : "vendor", "name" : "Red Hat" } ], "relationships" : [ { "category" : "default_component_of", "full_product_name" : { "name" : "curl-main@aarch64 as a component of Red Hat Hardened Images", "product_id" : "Red Hat Hardened Images:curl-main@aarch64" }, "product_reference" : "curl-main@aarch64", "relates_to_product_reference" : "Red Hat Hardened Images" }, { "category" : "default_component_of", "full_product_name" : { "name" : "curl-main@src as a component of Red Hat Hardened Images", "product_id" : "Red Hat Hardened Images:curl-main@src" }, "product_reference" : "curl-main@src", "relates_to_product_reference" : "Red Hat Hardened Images" }, { "category" : "default_component_of", "full_product_name" : { "name" : "curl-main@x86_64 as a component of Red Hat Hardened Images", "product_id" : "Red Hat Hardened Images:curl-main@x86_64" }, "product_reference" : "curl-main@x86_64", "relates_to_product_reference" : "Red Hat Hardened Images" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-4873", "cwe" : { "id" : "CWE-319", "name" : "Cleartext Transmission of Sensitive Information" }, "discovery_date" : "2026-04-23T00:00:00+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2461200" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in curl. A remote attacker could exploit this by initiating an unencrypted connection (via IMAP, SMTP, or POP3) and then making a subsequent request to the same host that requires Transport Layer Security (TLS). Due to incorrect connection reuse, the subsequent request would bypass the TLS requirement, leading to the transmission of sensitive information in cleartext. This vulnerability, categorized as Cleartext Transmission of Sensitive Information (CWE-319), results in information disclosure.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "curl: curl: Information disclosure due to incorrect TLS connection reuse", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "Moderate: This flaw in curl allows for information disclosure when an unencrypted connection is incorrectly reused for a subsequent request that expects TLS. This can lead to the cleartext transmission of sensitive data, potentially affecting Red Hat products that utilize curl for IMAP, SMTP, or POP3 connections where connection reuse is enabled.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2026-4873" }, { "category" : "external", "summary" : "RHBZ#2461200", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2461200" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-4873", "url" : "https://www.cve.org/CVERecord?id=CVE-2026-4873" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-4873", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-4873" }, { "category" : "external", "summary" : "https://curl.se/docs/CVE-2026-4873.html", "url" : "https://curl.se/docs/CVE-2026-4873.html" } ], "release_date" : "2026-04-29T00:00:00+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-05-02T00:23:55+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/", "product_ids" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:12916" }, { "category" : "workaround", "details" : "To mitigate this issue, avoid using clear-text IMAP, POP3, or SMTP transfers with curl. Ensure that all connections for these protocols are initiated with TLS from the outset to prevent the reuse of unencrypted connections.", "product_ids" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "HIGH", "attackVector" : "NETWORK", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "REQUIRED", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version" : "3.1" }, "products" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] } ], "threats" : [ { "category" : "impact", "details" : "Moderate" } ], "title" : "curl: curl: Information disclosure due to incorrect TLS connection reuse" }, { "cve" : "CVE-2026-5545", "cwe" : { "id" : "CWE-488", "name" : "Exposure of Data Element to Wrong Session" }, "discovery_date" : "2026-04-23T16:35:33.607000+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2461204" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in libcurl. An application using libcurl that performs an authenticated HTTP(S) request after a Negotiate-authenticated one to the same host may incorrectly reuse the previous connection. This authentication bypass vulnerability allows the second request to be sent over a connection authenticated with different credentials, potentially leading to unauthorized access or information disclosure.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "Moderate: A flaw in libcurl allows for the wrong reuse of HTTP Negotiate authenticated connections. This can occur when an application makes an authenticated HTTP(S) request after a Negotiate-authenticated one to the same host, potentially leading to a request being sent over a connection authenticated with unintended credentials. This issue affects applications using libcurl versions from 7.10.6 up to and including 8.19.0.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2026-5545" }, { "category" : "external", "summary" : "RHBZ#2461204", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2461204" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-5545", "url" : "https://www.cve.org/CVERecord?id=CVE-2026-5545" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-5545", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-5545" }, { "category" : "external", "summary" : "https://curl.se/docs/CVE-2026-5545.html", "url" : "https://curl.se/docs/CVE-2026-5545.html" } ], "release_date" : "2026-04-29T00:00:00+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-05-02T00:23:55+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/", "product_ids" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:12916" }, { "category" : "workaround", "details" : "To mitigate this issue, applications using libcurl can disable connection reuse. This can be achieved by setting one of the following libcurl options: CURLOPT_FRESH_CONNECT to force a new connection for each request, CURLOPT_MAXCONNECTS to limit the total number of open connections, or CURLMOPT_MAX_HOST_CONNECTIONS when using the curl_multi API to limit connections per host. Disabling connection reuse may impact application performance due to increased overhead for establishing new connections.", "product_ids" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "LOW", "attackVector" : "NETWORK", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "privilegesRequired" : "LOW", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version" : "3.1" }, "products" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] } ], "threats" : [ { "category" : "impact", "details" : "Moderate" } ], "title" : "curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse" }, { "cve" : "CVE-2026-5773", "cwe" : { "id" : "CWE-1025", "name" : "Comparison Using Wrong Factors" }, "discovery_date" : "2026-04-23T16:35:33.611000+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2461201" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in libcurl. Due to a logical error in the connection reuse mechanism for SMB (Server Message Block) transfers, libcurl might reuse an existing SMB connection with a different share than intended. This vulnerability, categorized as CWE-488 (Exposure of Data Element to Wrong Session), could lead to the download of an incorrect file or the upload of a file to an unintended location when an application uses libcurl for SMB transfers.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "This Moderate impact flaw in libcurl affects applications performing SMB transfers. A logical error in the SMB connection reuse mechanism can lead to unintended file downloads or uploads to incorrect locations. This impacts applications that rely on libcurl for secure and accurate SMB file operations.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2026-5773" }, { "category" : "external", "summary" : "RHBZ#2461201", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2461201" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-5773", "url" : "https://www.cve.org/CVERecord?id=CVE-2026-5773" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-5773", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-5773" }, { "category" : "external", "summary" : "https://curl.se/docs/CVE-2026-5773.html", "url" : "https://curl.se/docs/CVE-2026-5773.html" } ], "release_date" : "2026-04-29T00:00:00+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-05-02T00:23:55+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/", "product_ids" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:12916" }, { "category" : "workaround", "details" : "To mitigate this issue, avoid using SMB for transfers with libcurl. As SMB support is opt-in since curl 8.20.0 and SMBv1 is deprecated, ensuring SMB functionality is disabled or not utilized in applications leveraging libcurl will prevent exposure. If SMB is required, consider upgrading to curl 8.20.0 or later, which addresses this flaw by preventing SMB connection reuse.", "product_ids" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "LOW", "attackVector" : "NETWORK", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version" : "3.1" }, "products" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] } ], "threats" : [ { "category" : "impact", "details" : "Moderate" } ], "title" : "curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse" }, { "cve" : "CVE-2026-6253", "cwe" : { "id" : "CWE-201", "name" : "Insertion of Sensitive Information Into Sent Data" }, "discovery_date" : "2026-04-23T16:35:33.623000+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2461202" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in curl. When curl is configured to use distinct proxies for different URL schemes, a redirect from a URL using an authenticated proxy to one using an unauthenticated proxy can inadvertently expose the initial proxy's credentials. This improper credential management (CWE-522) may allow an attacker to gain unauthorized access or information by intercepting these disclosed credentials.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "Moderate: This flaw in curl and libcurl allows proxy credentials to be inadvertently exposed to a second proxy during a redirect. This issue arises when curl is configured to use distinct proxies for different URL schemes, the initial proxy requires authentication, and a subsequent proxy does not. Red Hat products utilizing curl or libcurl in such a specific proxy chaining configuration may be affected.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2026-6253" }, { "category" : "external", "summary" : "RHBZ#2461202", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2461202" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-6253", "url" : "https://www.cve.org/CVERecord?id=CVE-2026-6253" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-6253", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-6253" }, { "category" : "external", "summary" : "https://curl.se/docs/CVE-2026-6253.html", "url" : "https://curl.se/docs/CVE-2026-6253.html" } ], "release_date" : "2026-04-29T00:00:00+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-05-02T00:23:55+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/", "product_ids" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:12916" }, { "category" : "workaround", "details" : "To mitigate this issue, avoid configuring curl or libcurl to use proxies that require credentials. This prevents the scenario where credentials for a first proxy could be inadvertently passed to a second proxy during a redirect.", "product_ids" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "HIGH", "attackVector" : "NETWORK", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "REQUIRED", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version" : "3.1" }, "products" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] } ], "threats" : [ { "category" : "impact", "details" : "Moderate" } ], "title" : "curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies" }, { "cve" : "CVE-2026-6276", "cwe" : { "id" : "CWE-346", "name" : "Origin Validation Error" }, "discovery_date" : "2026-04-23T16:35:33.888000+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2461203" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in libcurl. This vulnerability allows for information disclosure when a custom `Host:` header is used in an initial HTTP request, and a subsequent request reuses the same connection without specifying a new `Host:` header. This can lead to libcurl incorrectly sending cookies intended for the first host to the second host, resulting in a cookie leak. This issue is categorized as an Origin Validation Error (CWE-346). Exploitation typically requires specific debugging configurations.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "This Low severity flaw affects libcurl when a custom `Host:` header is initially set for an HTTP request, and a subsequent request uses the same easy handle without a custom `Host:` header. This can lead to the second request sending cookies intended for the first host. The `curl` command-line tool is not affected by this issue. Exploitation typically requires specific debugging configurations, reducing its overall impact.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2026-6276" }, { "category" : "external", "summary" : "RHBZ#2461203", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2461203" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-6276", "url" : "https://www.cve.org/CVERecord?id=CVE-2026-6276" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-6276", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-6276" }, { "category" : "external", "summary" : "https://curl.se/docs/CVE-2026-6276.html", "url" : "https://curl.se/docs/CVE-2026-6276.html" } ], "release_date" : "2026-04-29T00:00:00+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-05-02T00:23:55+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/", "product_ids" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:12916" }, { "category" : "workaround", "details" : "To mitigate this issue, avoid using custom `Host:` headers with libcurl, especially when reusing the same easy handle for multiple requests. This vulnerability primarily arises from specific debugging configurations.", "product_ids" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "HIGH", "attackVector" : "NETWORK", "availabilityImpact" : "NONE", "baseScore" : 3.7, "baseSeverity" : "LOW", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version" : "3.1" }, "products" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] } ], "threats" : [ { "category" : "impact", "details" : "Low" } ], "title" : "curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers" }, { "cve" : "CVE-2026-6429", "cwe" : { "id" : "CWE-201", "name" : "Insertion of Sensitive Information Into Sent Data" }, "discovery_date" : "2026-04-23T16:35:34.628000+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2461205" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in libcurl. When configured to use a .netrc file for credentials and follow HTTP redirects, libcurl can inadvertently send the password from the initial connection to the redirected host. This sensitive information disclosure occurs when both the original and redirect URLs use clear text HTTP, are performed over the same HTTP proxy, and the same connection is reused. This vulnerability, categorized as an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200), could allow an attacker to obtain user credentials.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "curl: libcurl: Credential leak via reused proxy connection during HTTP redirects", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "Moderate: A flaw in libcurl could lead to credential leakage. This issue occurs when libcurl is configured to use a `.netrc` file for credentials and follows HTTP redirects, potentially exposing passwords to the redirected host. Exploitation requires both the original and redirect URLs to be clear text HTTP, performed over the same HTTP proxy, and with connection reuse. The curl command-line tool is not affected by this vulnerability.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2026-6429" }, { "category" : "external", "summary" : "RHBZ#2461205", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2461205" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-6429", "url" : "https://www.cve.org/CVERecord?id=CVE-2026-6429" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-6429", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-6429" }, { "category" : "external", "summary" : "https://curl.se/docs/CVE-2026-6429.html", "url" : "https://curl.se/docs/CVE-2026-6429.html" } ], "release_date" : "2026-04-29T00:00:00+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-05-02T00:23:55+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/", "product_ids" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:12916" }, { "category" : "workaround", "details" : "To prevent the credential leak, avoid using the combination of .netrc for credentials, clear text HTTP URLs, and an HTTP proxy when making requests with libcurl. This operational control prevents the specific conditions that enable the vulnerability.", "product_ids" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "LOW", "attackVector" : "NETWORK", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "REQUIRED", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version" : "3.1" }, "products" : [ "Red Hat Hardened Images:curl-main@aarch64", "Red Hat Hardened Images:curl-main@src", "Red Hat Hardened Images:curl-main@x86_64" ] } ], "threats" : [ { "category" : "impact", "details" : "Moderate" } ], "title" : "curl: libcurl: Credential leak via reused proxy connection during HTTP redirects" } ] }