CVE-2026-6429

MEDIUM

Published May 13, 2026 Modified May 14, 2026

Description

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances.

CVSS v3.1 Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS — Exploit Prediction

0.0002

Probability of exploitation

0.06%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Affected Products

Vendor	Product	Versions
haxx	curl	7.14.0 — 8.20.0

References

Advisories & Patches

https://curl.se/docs/CVE-2026-6429.html

Exploits

https://hackerone.com/reports/3677759

Other References

https://curl.se/docs/CVE-2026-6429.json

Frequently Asked Questions

What is CVE-2026-6429? +

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances. It has a CVSS v3.1 base score of 5.3 (MEDIUM).

How severe is CVE-2026-6429? +

CVE-2026-6429 has a CVSS v3.1 score of 5.3 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance. The EPSS score is 0.0002, placing it in the 0th percentile for exploitation probability.

What products are affected by CVE-2026-6429? +

CVE-2026-6429 affects products from haxx, specifically: curl. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2026-6429? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-2398 8.6

When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the …

CVE-2026-5773 7.5

libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so …

CVE-2024-6197 7.5

libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and …

CVE-2025-9086 7.5

1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to …

CVE-2025-5399 7.5

Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl …

CVE-2026-6276 7.5

Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently …

Quick Facts

CVSS Score: 5.3
Severity: MEDIUM
EPSS: 0.0002
Published: May 13, 2026

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2026-6429.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →