stale custom cookie host causes cookie leak_CVE-2026-6276

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Using libcurl, when a custom `Host:` header is first set for an HTTP request
and a second request is subsequently done using the same *easy handle* but
without the custom `Host:` header set, the second request would use stale
information and pass on cookies meant for the first host in the second
request. Leak them.

Basic Information

ID CVE-2026-6276

Source curl

Published May 13, 2026 at 08:28

Modified May 13, 2026 at 17:26

Affected Product

Vendor curl

Product curl

Version 8.19.0

Affected Versions curl curl 8.19.0
curl curl 8.18.0
curl curl 8.17.0
curl curl 8.16.0
curl curl 8.15.0
curl curl 8.14.1
curl curl 8.14.0
curl curl 8.13.0
curl curl 8.12.1
curl curl 8.12.0
curl curl 8.11.1
curl curl 8.11.0
curl curl 8.10.1
curl curl 8.10.0
curl curl 8.9.1
curl curl 8.9.0
curl curl 8.8.0
curl curl 8.7.1
curl curl 8.7.0
curl curl 8.6.0
curl curl 8.5.0
curl curl 8.4.0
curl curl 8.3.0
curl curl 8.2.1
curl curl 8.2.0
curl curl 8.1.2
curl curl 8.1.1
curl curl 8.1.0
curl curl 8.0.1
curl curl 8.0.0
curl curl 7.88.1
curl curl 7.88.0
curl curl 7.87.0
curl curl 7.86.0
curl curl 7.85.0
curl curl 7.84.0
curl curl 7.83.1
curl curl 7.83.0
curl curl 7.82.0
curl curl 7.81.0
curl curl 7.80.0
curl curl 7.79.1
curl curl 7.79.0
curl curl 7.78.0
curl curl 7.77.0
curl curl 7.76.1
curl curl 7.76.0
curl curl 7.75.0
curl curl 7.74.0
curl curl 7.73.0
curl curl 7.72.0
curl curl 7.71.1
curl curl 7.71.0

References

{
    "lastseen": "",
    "description": "Using libcurl, when a custom `Host:` header is first set for an HTTP request\nand a second request is subsequently done using the same *easy handle* but\nwithout the custom `Host:` header set, the second request would use stale\ninformation and pass on cookies meant for the first host in the second\nrequest. Leak them.",
    "published": "2026-05-13T08:28:19.273Z",
    "modified": "2026-05-13T17:26:06.894Z",
    "type": "cve",
    "title": "stale custom cookie host causes cookie leak",
    "source": "curl",
    "references": "https://curl.se/docs/CVE-2026-6276.json\nhttps://curl.se/docs/CVE-2026-6276.html\nhttps://hackerone.com/reports/3671818",
    "id": "CVE-2026-6276",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "curl curl 8.19.0\ncurl curl 8.18.0\ncurl curl 8.17.0\ncurl curl 8.16.0\ncurl curl 8.15.0\ncurl curl 8.14.1\ncurl curl 8.14.0\ncurl curl 8.13.0\ncurl curl 8.12.1\ncurl curl 8.12.0\ncurl curl 8.11.1\ncurl curl 8.11.0\ncurl curl 8.10.1\ncurl curl 8.10.0\ncurl curl 8.9.1\ncurl curl 8.9.0\ncurl curl 8.8.0\ncurl curl 8.7.1\ncurl curl 8.7.0\ncurl curl 8.6.0\ncurl curl 8.5.0\ncurl curl 8.4.0\ncurl curl 8.3.0\ncurl curl 8.2.1\ncurl curl 8.2.0\ncurl curl 8.1.2\ncurl curl 8.1.1\ncurl curl 8.1.0\ncurl curl 8.0.1\ncurl curl 8.0.0\ncurl curl 7.88.1\ncurl curl 7.88.0\ncurl curl 7.87.0\ncurl curl 7.86.0\ncurl curl 7.85.0\ncurl curl 7.84.0\ncurl curl 7.83.1\ncurl curl 7.83.0\ncurl curl 7.82.0\ncurl curl 7.81.0\ncurl curl 7.80.0\ncurl curl 7.79.1\ncurl curl 7.79.0\ncurl curl 7.78.0\ncurl curl 7.77.0\ncurl curl 7.76.1\ncurl curl 7.76.0\ncurl curl 7.75.0\ncurl curl 7.74.0\ncurl curl 7.73.0\ncurl curl 7.72.0\ncurl curl 7.71.1\ncurl curl 7.71.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "curl",
    "version": "8.19.0",
    "vendor": "curl",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply