GHSA-vw2x-3w8j-rq82CriticalCVSS 9.1

When asking curl to use a `.netrc` file to find credentials and at the same time specifying a URL...

Published
July 3, 2026
Last Modified
July 6, 2026

🔗 CVE IDs covered (1)

📋 Description

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username(without a password), like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no match for the specified user.

🔗 References (5)