<Vulnerability name="CVE-2026-8927">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Important</ThreatSeverity>
    <PublicDate>2026-07-03T06:16:06</PublicDate>
    <Bugzilla id="2496769" url="https://bugzilla.redhat.com/show_bug.cgi?id=2496769" xml:lang="en:us">
libcurl: libcurl: Information disclosure due to uncleared proxy authentication state
    </Bugzilla>
    <CVSS3 status="verified">
        <CVSS3BaseScore>7.5</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-201</CWE>
    <Details xml:lang="en:us" source="Mitre">
When reusing a libcurl handle for sequential transfers driven by
environment-variable proxy configuration, libcurl fails to clear the proxy
authentication state between requests. Specifically, if the initial transfer
authenticates against `proxyA` using Digest auth, a subsequent transfer routed
through `proxyB` erroneously leaks the `Proxy-Authorization:` header intended
solely for `proxyA`.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in libcurl. When reusing a libcurl handle for sequential transfers with environment-variable proxy configuration, the library does not properly clear the proxy authentication state. This oversight can lead to the unintended disclosure of `Proxy-Authorization` headers to an incorrect proxy, potentially exposing sensitive authentication information to an unauthorized entity. This is an information disclosure vulnerability.
    </Details>
    <Statement xml:lang="en:us">
This Important information disclosure vulnerability in libcurl arises when a handle is reused for sequential transfers with environment-variable proxy configurations, failing to clear the proxy authentication state. This oversight can lead to `Proxy-Authorization` headers being inadvertently sent to an incorrect proxy, potentially exposing sensitive authentication information in Red Hat environments utilizing multiple proxy configurations. This flaw leads only to a confidentiality impact. There has been no observed integrity impact.
    </Statement>
    <Mitigation xml:lang="en:us">
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
    </Mitigation>
    <AffectedRelease impact="important" cpe="cpe:/a:redhat:hummingbird:1">
        <ProductName>Red Hat Hardened Images</ProductName>
        <ReleaseDate>2026-06-24T00:00:00Z</ReleaseDate>
        <Advisory type="RHSA" url="https://access.redhat.com/errata/RHSA-2026:29017">RHSA-2026:29017</Advisory>
        <Package name="curl-main">curl-main-8.21.0-0.1.hum1</Package>
    </AffectedRelease>
    <AffectedRelease impact="important" cpe="cpe:/a:redhat:hummingbird:1">
        <ProductName>Red Hat Hardened Images</ProductName>
        <ReleaseDate>2026-07-02T00:00:00Z</ReleaseDate>
        <Advisory type="RHSA" url="https://access.redhat.com/errata/RHSA-2026:34975">RHSA-2026:34975</Advisory>
        <Package name="rust-main">rust-main-1.96.1-1.hum1</Package>
    </AffectedRelease>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>dotnet8.0</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:jboss_core_services:1">
        <ProductName>Red Hat JBoss Core Services</ProductName>
        <FixState>Affected</FixState>
        <PackageName>libcurl-1.dll</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:jboss_core_services:1">
        <ProductName>Red Hat JBoss Core Services</ProductName>
        <FixState>Affected</FixState>
        <PackageName>libcurl.so</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-8927
https://nvd.nist.gov/vuln/detail/CVE-2026-8927
https://curl.se/docs/CVE-2026-8927.html
https://curl.se/docs/CVE-2026-8927.json
https://hackerone.com/reports/3744543
    </References>
</Vulnerability>