Moole Vulnerability Database

Find real vulnerabilities before they ship

Medium

CVE-2026-6429

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances.

VectorNETWORK

PublishedMay 13, 2026, 13:01

Published By2499f714-1537-4658-8207-48ae4bb9eae9

Base Score

Score5.3

Affected Versions

No affected versions found.

References

https://curl.se/docs/CVE-2026-6429.html
https://curl.se/docs/CVE-2026-6429.json
https://hackerone.com/reports/3677759

Weakness Type

NVD-CWE-noinfo

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Base SeverityMedium

Version

3.1

Attack Vector (AV)

NETWORK