Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-12T14:01:25 perl-libwww-perl: perl-libwww-perl: Information disclosure via cross-origin redirects 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CWE-201

A flaw was found in LWP::UserAgent, a component of perl-libwww-perl. This vulnerability allows a remote attacker to obtain a user's credentials by redirecting a request to an attacker-controlled host. When processing a redirect, the LWP::UserAgent fails to properly strip Authorization and Proxy-Authorization headers, leading to their unintended disclosure across different origins.

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Red Hat Enterprise Linux 10 Fix deferred perl-libwww-perl Red Hat Enterprise Linux 8 Fix deferred perl-libwww-perl Red Hat Enterprise Linux 8 Fix deferred perl-libwww-perl:6.34/perl-libwww-perl Red Hat Enterprise Linux 9 Fix deferred perl-libwww-perl https://www.cve.org/CVERecord?id=CVE-2026-8368 https://nvd.nist.gov/vuln/detail/CVE-2026-8368 https://github.com/libwww-perl/libwww-perl/commit/9c4aeb6f2dd32f2b7eaf2d7827cade31ea6cb2c6.patch https://github.com/libwww-perl/libwww-perl/pull/284 https://github.com/libwww-perl/libwww-perl/pull/512 https://metacpan.org/release/OALDERS/libwww-perl-6.83/changes