CVE-2026-6253
ADVISORY - nistSummary
curl might erroneously pass on credentials for a first proxy to a second proxy.
This can happen when the following conditions are true:
- curl is setup to use specific different proxies for different URL schemes
- the first proxy needs credentials
- the second proxy uses no credentials
- while using the first proxy (using say
http://), curl is asked to follow a redirect to a URL using another scheme (sayhttps://), accessed using a second, different, proxy
EPSS Score: 0.00041 (0.123)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Insufficiently Protected Credentials
ADVISORY - redhat
Insertion of Sensitive Information Into Sent Data
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-6253
EXPLOITABILITY SCORE
2.2
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.9mediumAlpine
CREATED
UPDATED
ADVISORY IDCVE-2026-6253
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Debian
CREATED
UPDATED
ADVISORY IDCVE-2026-6253
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-6253
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2026-6253
EXPLOITABILITY SCORE
1.6
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.3mediumPhoton
CREATED
UPDATED
ADVISORY ID
CVE-2026-6253
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
5.9mediumminimos
CREATED
UPDATED
ADVISORY ID
MINI-6888-qchf-6vhq
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-fg45-x759-w8pp
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-