{"id":54206,"date":"2026-05-13T13:05:38","date_gmt":"2026-05-13T13:05:38","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=54206"},"modified":"2026-05-13T13:05:38","modified_gmt":"2026-05-13T13:05:38","slug":"proxy-credentials-leak-over-redirect-to-proxy","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=54206","title":{"rendered":"proxy credentials leak over redirect-to proxy_CVE-2026-6253"},"content":{"rendered":"

{“lastseen”:””,”description”:”curl might erroneously pass on credentials for a first proxy to a second\\nproxy.\\n\\nThis can happen when the following conditions are true:\\n\\n1. curl is setup to use specific different proxies for different URL schemes\\n2. the first proxy needs credentials\\n3. the second proxy uses no credentials\\n4. while using the first proxy (using say `http:\/\/`), curl is asked to follow\\n a redirect to a URL using another scheme (say `https:\/\/`), accessed using a\\n second, different, proxy”,”published”:”2026-05-13T08:28:03.004Z”,”modified”:”2026-05-13T17:42:40.102Z”,”type”:”cve”,”title”:”proxy credentials leak over redirect-to proxy”,”source”:”curl”,”references”:”https:\/\/curl.se\/docs\/CVE-2026-6253.json\\nhttps:\/\/curl.se\/docs\/CVE-2026-6253.html\\nhttps:\/\/hackerone.com\/reports\/3669637″,”id”:”CVE-2026-6253″,”bulletinFamily”:””,”cwe”:null,”cvelist”:null,”sourceData”:”curl curl 8.19.0\\ncurl curl 8.18.0\\ncurl curl 8.17.0\\ncurl curl 8.16.0\\ncurl curl 8.15.0\\ncurl curl 8.14.1\\ncurl curl 8.14.0\\ncurl curl 8.13.0\\ncurl curl 8.12.1\\ncurl curl 8.12.0\\ncurl curl 8.11.1\\ncurl curl 8.11.0\\ncurl curl 8.10.1\\ncurl curl 8.10.0\\ncurl curl 8.9.1\\ncurl curl 8.9.0\\ncurl curl 8.8.0\\ncurl curl 8.7.1\\ncurl curl 8.7.0\\ncurl curl 8.6.0\\ncurl curl 8.5.0\\ncurl curl 8.4.0\\ncurl curl 8.3.0\\ncurl curl 8.2.1\\ncurl curl 8.2.0\\ncurl curl 8.1.2\\ncurl curl 8.1.1\\ncurl curl 8.1.0\\ncurl curl 8.0.1\\ncurl curl 8.0.0\\ncurl curl 7.88.1\\ncurl curl 7.88.0\\ncurl curl 7.87.0\\ncurl curl 7.86.0\\ncurl curl 7.85.0\\ncurl curl 7.84.0\\ncurl curl 7.83.1\\ncurl curl 7.83.0\\ncurl curl 7.82.0\\ncurl curl 7.81.0\\ncurl curl 7.80.0\\ncurl curl 7.79.1\\ncurl curl 7.79.0\\ncurl curl 7.78.0\\ncurl curl 7.77.0\\ncurl curl 7.76.1\\ncurl curl 7.76.0\\ncurl curl 7.75.0\\ncurl curl 7.74.0\\ncurl curl 7.73.0\\ncurl curl 7.72.0\\ncurl curl 7.71.1\\ncurl curl 7.71.0\\ncurl curl 7.70.0\\ncurl curl 7.69.1\\ncurl curl 7.69.0\\ncurl curl 7.68.0\\ncurl curl 7.67.0\\ncurl curl 7.66.0\\ncurl curl 7.65.3\\ncurl curl 7.65.2\\ncurl curl 7.65.1\\ncurl curl 7.65.0\\ncurl curl 7.64.1\\ncurl curl 7.64.0\\ncurl curl 7.63.0\\ncurl curl 7.62.0\\ncurl curl 7.61.1\\ncurl curl 7.61.0\\ncurl curl 7.60.0\\ncurl curl 7.59.0\\ncurl curl 7.58.0\\ncurl curl 7.57.0\\ncurl curl 7.56.1\\ncurl curl 7.56.0\\ncurl curl 7.55.1\\ncurl curl 7.55.0\\ncurl curl 7.54.1\\ncurl curl 7.54.0\\ncurl curl 7.53.1\\ncurl curl 7.53.0\\ncurl curl 7.52.1\\ncurl curl 7.52.0\\ncurl curl 7.51.0\\ncurl curl 7.50.3\\ncurl curl 7.50.2\\ncurl curl 7.50.1\\ncurl curl 7.50.0\\ncurl curl 7.49.1\\ncurl curl 7.49.0\\ncurl curl 7.48.0\\ncurl curl 7.47.1\\ncurl curl 7.47.0\\ncurl curl 7.46.0\\ncurl curl 7.45.0\\ncurl curl 7.44.0\\ncurl curl 7.43.0\\ncurl curl 7.42.1\\ncurl curl 7.42.0\\ncurl curl 7.41.0\\ncurl curl 7.40.0\\ncurl curl 7.39.0\\ncurl curl 7.38.0\\ncurl curl 7.37.1\\ncurl curl 7.37.0\\ncurl curl 7.36.0\\ncurl curl 7.35.0\\ncurl curl 7.34.0\\ncurl curl 7.33.0\\ncurl curl 7.32.0\\ncurl curl 7.31.0\\ncurl curl 7.30.0\\ncurl curl 7.29.0\\ncurl curl 7.28.1\\ncurl curl 7.28.0\\ncurl curl 7.27.0\\ncurl curl 7.26.0\\ncurl curl 7.25.0\\ncurl curl 7.24.0\\ncurl curl 7.23.1\\ncurl curl 7.23.0\\ncurl curl 7.22.0\\ncurl curl 7.21.7\\ncurl curl 7.21.6\\ncurl curl 7.21.5\\ncurl curl 7.21.4\\ncurl curl 7.21.3\\ncurl curl 7.21.2\\ncurl curl 7.21.1\\ncurl curl 7.21.0\\ncurl curl 7.20.1\\ncurl curl 7.20.0\\ncurl curl 7.19.7\\ncurl curl 7.19.6\\ncurl curl 7.19.5\\ncurl curl 7.19.4\\ncurl curl 7.19.3\\ncurl curl 7.19.2\\ncurl curl 7.19.1\\ncurl curl 7.19.0\\ncurl curl 7.18.2\\ncurl curl 7.18.1\\ncurl curl 7.18.0\\ncurl curl 7.17.1\\ncurl curl 7.17.0\\ncurl curl 7.16.4\\ncurl curl 7.16.3\\ncurl curl 7.16.2\\ncurl curl 7.16.1\\ncurl curl 7.16.0\\ncurl curl 7.15.5\\ncurl curl 7.15.4\\ncurl curl 7.15.3\\ncurl curl 7.15.2\\ncurl curl 7.15.1\\ncurl curl 7.15.0\\ncurl curl 7.14.1″,”sourceHref”:””,”cvss”:{“score”:5.9,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”curl”,”version”:”8.19.0″,”vendor”:”curl”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”curl might erroneously pass on credentials for a first proxy to a second\\nproxy.\\n\\nThis can happen when the following conditions are true:\\n\\n1. curl is setup to…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,97,12,21,13,7,11,5],"class_list":["post-54206","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-59","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nproxy credentials leak over redirect-to proxy_CVE-2026-6253 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=54206\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"proxy credentials leak over redirect-to proxy_CVE-2026-6253 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”curl might erroneously pass on credentials for a first proxy to a secondnproxy.nnThis can happen when the following conditions are true:nn1. curl is setup to...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=54206\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-13T13:05:38+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=54206#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=54206\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"proxy credentials leak over redirect-to proxy_CVE-2026-6253\",\"datePublished\":\"2026-05-13T13:05:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=54206\"},\"wordCount\":530,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-5.9\",\"exploit\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=54206#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=54206\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=54206\",\"name\":\"proxy credentials leak over redirect-to proxy_CVE-2026-6253 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-05-13T13:05:38+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=54206#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=54206\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=54206#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"proxy credentials leak over redirect-to proxy_CVE-2026-6253\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"proxy credentials leak over redirect-to proxy_CVE-2026-6253 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=54206","og_locale":"en_US","og_type":"article","og_title":"proxy credentials leak over redirect-to proxy_CVE-2026-6253 - zero redgem","og_description":"{“lastseen”:””,”description”:”curl might erroneously pass on credentials for a first proxy to a secondnproxy.nnThis can happen when the following conditions are true:nn1. curl is setup to...","og_url":"https:\/\/zero.redgem.net\/?p=54206","og_site_name":"zero redgem","article_published_time":"2026-05-13T13:05:38+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=54206#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=54206"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"proxy credentials leak over redirect-to proxy_CVE-2026-6253","datePublished":"2026-05-13T13:05:38+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=54206"},"wordCount":530,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-5.9","exploit","MEDIUM","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=54206#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=54206","url":"https:\/\/zero.redgem.net\/?p=54206","name":"proxy credentials leak over redirect-to proxy_CVE-2026-6253 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-05-13T13:05:38+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=54206#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=54206"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=54206#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"proxy credentials leak over redirect-to proxy_CVE-2026-6253"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/54206","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=54206"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/54206\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=54206"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=54206"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=54206"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}