CVE-2026-8926

ADVISORY - debian

Summary

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a username(without a password), like https://user@example.com/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no match for the specified user.


EPSS Score: 0.0061 (0.451)

Common Weakness Enumeration (CWE)


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in