{“lastseen”:””,”description”:”When asked to both use a `.netrc` file for credentials and to follow HTTP\\nredirects, libcurl could leak the password used for the first host to the\\nfollowed-to host under certain circumstances.”,”published”:”2026-05-13T08:28:36.166Z”,”modified”:”2026-05-13T14:03:55.343Z”,”type”:”cve”,”title”:”netrc credential leak with reused proxy connection”,”source”:”curl”,”references”:”https:\/\/curl.se\/docs\/CVE-2026-6429.json\\nhttps:\/\/curl.se\/docs\/CVE-2026-6429.html\\nhttps:\/\/hackerone.com\/reports\/3677759″,”id”:”CVE-2026-6429″,”bulletinFamily”:””,”cwe”:null,”cvelist”:null,”sourceData”:”curl curl 8.19.0\\ncurl curl 8.18.0\\ncurl curl 8.17.0\\ncurl curl 8.16.0\\ncurl curl 8.15.0\\ncurl curl 8.14.1\\ncurl curl 8.14.0\\ncurl curl 8.13.0\\ncurl curl 8.12.1\\ncurl curl 8.12.0\\ncurl curl 8.11.1\\ncurl curl 8.11.0\\ncurl curl 8.10.1\\ncurl curl 8.10.0\\ncurl curl 8.9.1\\ncurl curl 8.9.0\\ncurl curl 8.8.0\\ncurl curl 8.7.1\\ncurl curl 8.7.0\\ncurl curl 8.6.0\\ncurl curl 8.5.0\\ncurl curl 8.4.0\\ncurl curl 8.3.0\\ncurl curl 8.2.1\\ncurl curl 8.2.0\\ncurl curl 8.1.2\\ncurl curl 8.1.1\\ncurl curl 8.1.0\\ncurl curl 8.0.1\\ncurl curl 8.0.0\\ncurl curl 7.88.1\\ncurl curl 7.88.0\\ncurl curl 7.87.0\\ncurl curl 7.86.0\\ncurl curl 7.85.0\\ncurl curl 7.84.0\\ncurl curl 7.83.1\\ncurl curl 7.83.0\\ncurl curl 7.82.0\\ncurl curl 7.81.0\\ncurl curl 7.80.0\\ncurl curl 7.79.1\\ncurl curl 7.79.0\\ncurl curl 7.78.0\\ncurl curl 7.77.0\\ncurl curl 7.76.1\\ncurl curl 7.76.0\\ncurl curl 7.75.0\\ncurl curl 7.74.0\\ncurl curl 7.73.0\\ncurl curl 7.72.0\\ncurl curl 7.71.1\\ncurl curl 7.71.0\\ncurl curl 7.70.0\\ncurl curl 7.69.1\\ncurl curl 7.69.0\\ncurl curl 7.68.0\\ncurl curl 7.67.0\\ncurl curl 7.66.0\\ncurl curl 7.65.3\\ncurl curl 7.65.2\\ncurl curl 7.65.1\\ncurl curl 7.65.0\\ncurl curl 7.64.1\\ncurl curl 7.64.0\\ncurl curl 7.63.0\\ncurl curl 7.62.0\\ncurl curl 7.61.1\\ncurl curl 7.61.0\\ncurl curl 7.60.0\\ncurl curl 7.59.0\\ncurl curl 7.58.0\\ncurl curl 7.57.0\\ncurl curl 7.56.1\\ncurl curl 7.56.0\\ncurl curl 7.55.1\\ncurl curl 7.55.0\\ncurl curl 7.54.1\\ncurl curl 7.54.0\\ncurl curl 7.53.1\\ncurl curl 7.53.0\\ncurl curl 7.52.1\\ncurl curl 7.52.0\\ncurl curl 7.51.0\\ncurl curl 7.50.3\\ncurl curl 7.50.2\\ncurl curl 7.50.1\\ncurl curl 7.50.0\\ncurl curl 7.49.1\\ncurl curl 7.49.0\\ncurl curl 7.48.0\\ncurl curl 7.47.1\\ncurl curl 7.47.0\\ncurl curl 7.46.0\\ncurl curl 7.45.0\\ncurl curl 7.44.0\\ncurl curl 7.43.0\\ncurl curl 7.42.1\\ncurl curl 7.42.0\\ncurl curl 7.41.0\\ncurl curl 7.40.0\\ncurl curl 7.39.0\\ncurl curl 7.38.0\\ncurl curl 7.37.1\\ncurl curl 7.37.0\\ncurl curl 7.36.0\\ncurl curl 7.35.0\\ncurl curl 7.34.0\\ncurl curl 7.33.0\\ncurl curl 7.32.0\\ncurl curl 7.31.0\\ncurl curl 7.30.0\\ncurl curl 7.29.0\\ncurl curl 7.28.1\\ncurl curl 7.28.0\\ncurl curl 7.27.0\\ncurl curl 7.26.0\\ncurl curl 7.25.0\\ncurl curl 7.24.0\\ncurl curl 7.23.1\\ncurl curl 7.23.0\\ncurl curl 7.22.0\\ncurl curl 7.21.7\\ncurl curl 7.21.6\\ncurl curl 7.21.5\\ncurl curl 7.21.4\\ncurl curl 7.21.3\\ncurl curl 7.21.2\\ncurl curl 7.21.1\\ncurl curl 7.21.0\\ncurl curl 7.20.1\\ncurl curl 7.20.0\\ncurl curl 7.19.7\\ncurl curl 7.19.6\\ncurl curl 7.19.5\\ncurl curl 7.19.4\\ncurl curl 7.19.3\\ncurl curl 7.19.2\\ncurl curl 7.19.1\\ncurl curl 7.19.0\\ncurl curl 7.18.2\\ncurl curl 7.18.1\\ncurl curl 7.18.0\\ncurl curl 7.17.1\\ncurl curl 7.17.0\\ncurl curl 7.16.4\\ncurl curl 7.16.3\\ncurl curl 7.16.2\\ncurl curl 7.16.1\\ncurl curl 7.16.0\\ncurl curl 7.15.5\\ncurl curl 7.15.4\\ncurl curl 7.15.3\\ncurl curl 7.15.2\\ncurl curl 7.15.1\\ncurl curl 7.15.0\\ncurl curl 7.14.1\\ncurl curl 7.14.0″,”sourceHref”:””,”cvss”:{“score”:5.3,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”curl”,”version”:”8.19.0″,”vendor”:”curl”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”When asked to both use a `.netrc` file for credentials and to follow HTTP\\nredirects, libcurl could leak the password used for the first host to…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,22,12,21,13,7,11,5],"class_list":["post-54127","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-53","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n