GHSA-9crq-qh8v-6xmmCriticalCVSS 9.8

Successfully using libcurl to do a transfer to a specific HTTP origin (`hostA`) with **Digest**...

Published
July 3, 2026
Last Modified
July 6, 2026

🔗 CVE IDs covered (1)

📋 Description

Successfully using libcurl to do a transfer to a specific HTTP origin (hostA) with Digest authentication and then changing the origin to a different one (hostB) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB.

🔗 References (5)