Description
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer
performs a redirect to a second URL, curl could leak that token to the second
hostname under some circumstances.

If the hostname that the first request is redirected to has information in the
used .netrc file, with either of the `machine` or `default` keywords, curl
would pass on the bearer token set for the first host also to the second one.
Published: 2026-03-11
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Credential Leakage
Action: Patch
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8084-1 curl vulnerabilities
Ubuntu USN Ubuntu USN USN-8099-1 curl vulnerabilities
History

Fri, 13 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-201
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 12 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Haxx
Haxx curl
CPEs cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Vendors & Products Haxx
Haxx curl

Thu, 12 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Curl
Curl curl
Vendors & Products Curl
Curl curl

Wed, 11 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-522
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 11:30:00 +0000

Type Values Removed Values Added
References

Wed, 11 Mar 2026 10:30:00 +0000

Type Values Removed Values Added
Description When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.
Title token leak with redirect and netrc
References

Subscriptions

Curl Curl
Haxx Curl
cve-icon MITRE

Status: PUBLISHED

Assigner: curl

Published:

Updated: 2026-03-11T14:26:10.788Z

Reserved: 2026-03-08T05:09:09.891Z

Link: CVE-2026-3783

cve-icon Vulnrichment

Updated: 2026-03-11T10:16:31.282Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-11T11:16:00.080

Modified: 2026-03-12T14:10:37.300

Link: CVE-2026-3783

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-11T10:09:08Z

Links: CVE-2026-3783 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T14:37:25Z

Weaknesses