CVE-2026-6253
ADVISORY - ubuntuSummary
curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. while using the first proxy (using say http://), curl is asked to follow a redirect to a URL using another scheme (say https://), accessed using a second, different, proxy
EPSS Score: 0.0003 (0.090)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Insufficiently Protected Credentials
ADVISORY - redhat
Insertion of Sensitive Information Into Sent Data
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-6253
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/Amedium| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| ubuntu/curl | deb | ubuntu | 24.04 | <8.5.0-2ubuntu10.9 | 8.5.0-2ubuntu10.9 |
| ubuntu/curl | deb | ubuntu | 22.04 | <7.81.0-1ubuntu1.24 | 7.81.0-1ubuntu1.24 |
Severity and metrics
No CVSS data available from this advisory.
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-6253
EXPLOITABILITY SCORE
2.2
EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.9mediumAlpine
CREATED
UPDATED
ADVISORY IDCVE-2026-6253
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Debian
CREATED
UPDATED
ADVISORY IDCVE-2026-6253
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Red Hat
CREATED
UPDATED
ADVISORY IDCVE-2026-6253
EXPLOITABILITY SCORE
1.6
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.3mediumPhoton
CREATED
UPDATED
ADVISORY ID
CVE-2026-6253
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
5.9mediumminimos
CREATED
UPDATED
ADVISORY ID
MINI-6888-qchf-6vhq
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-fg45-x759-w8pp
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-