{
  "threat_severity" : "Moderate",
  "public_date" : "2026-05-13T08:29:08Z",
  "bugzilla" : {
    "description" : "curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse",
    "id" : "2476979",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2476979"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-201",
  "details" : [ "A flaw was found in libcurl. When a user performs a transfer over an HTTP proxy using Digest authentication and then reuses the same handle for a second transfer with a different proxy host, libcurl incorrectly sends the `Proxy-Authorization` header intended for the first proxy to the second proxy. This could disclose sensitive authentication information to an unintended proxy, potentially allowing whoever controls that proxy to gain unauthorized access or impersonate the user." ],
  "statement" : "Moderate: A flaw in libcurl allows for information disclosure when a client reuses a handle for HTTP proxy transfers. If a libcurl application uses Digest authentication with one proxy and then connects to a different proxy using the same handle, the `Proxy-Authorization` header from the initial connection may be inadvertently sent to the second proxy, potentially exposing sensitive authentication data.",
  "affected_release" : [ {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-05-19T00:00:00Z",
    "advisory" : "RHSA-2026:19106",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "curl-main-8.20.0-2.hum1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "curl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "curl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "curl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "curl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "curl",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-7168\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-7168\nhttp://www.openwall.com/lists/oss-security/2026/04/29/14\nhttps://curl.se/docs/CVE-2026-7168.html\nhttps://curl.se/docs/CVE-2026-7168.json\nhttps://hackerone.com/reports/3697719" ],
  "name" : "CVE-2026-7168",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}