VYPR
High severity7.5NVD Advisory· Published May 13, 2026· Updated May 14, 2026

CVE-2026-6276

CVE-2026-6276

Description

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.