Medium severity5.3NVD Advisory· Published May 13, 2026· Updated May 14, 2026
CVE-2026-6429
CVE-2026-6429
Description
When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- osv-coords7 versionspkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/curl&distro=openSUSE%20Tumbleweedpkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/curl&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/curl-mini&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/curl-mini&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 8.14.1-160000.6.1+ 6 more
- (no CPE)range: < 8.14.1-160000.6.1
- (no CPE)range: < 8.20.0-1.1
- (no CPE)range: < 8.14.1-160000.6.1
- (no CPE)range: < 8.14.1-160000.6.1
- (no CPE)range: < 8.14.1-160000.6.1
- (no CPE)range: < 8.14.1-160000.6.1
- (no CPE)range: < 8.14.1-160000.6.1
Patches
Vulnerability mechanics
References
3- curl.se/docs/CVE-2026-6429.htmlnvdPatchVendor Advisory
- hackerone.com/reports/3677759nvdExploitIssue TrackingThird Party Advisory
- curl.se/docs/CVE-2026-6429.jsonnvdProduct
News mentions
0No linked articles in our index yet.