{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T16:00:34.640","vulnerabilities":[{"cve":{"id":"CVE-2026-3783","sourceIdentifier":"2499f714-1537-4658-8207-48ae4bb9eae9","published":"2026-03-11T11:16:00.080","lastModified":"2026-06-17T10:44:12.537","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one."},{"lang":"es","value":"Cuando se utiliza un token portador OAuth2 para una transferencia HTTP(S), y esa transferencia realiza una redirección a una segunda URL, curl podría filtrar ese token al segundo nombre de host bajo algunas circunstancias.\n\nSi el nombre de host al que se redirige la primera solicitud tiene información en el archivo .netrc utilizado, con cualquiera de las palabras clave 'machine' o 'default', curl pasaría el token portador establecido para el primer host también al segundo."}],"affected":[{"source":"2499f714-1537-4658-8207-48ae4bb9eae9","affectedData":[{"vendor":"curl","product":"curl","defaultStatus":"unaffected","versions":[{"version":"8.18.0","lessThanOrEqual":"8.18.0","versionType":"semver","status":"affected"},{"version":"8.17.0","lessThanOrEqual":"8.17.0","versionType":"semver","status":"affected"},{"version":"8.16.0","lessThanOrEqual":"8.16.0","versionType":"semver","status":"affected"},{"version":"8.15.0","lessThanOrEqual":"8.15.0","versionType":"semver","status":"affected"},{"version":"8.14.1","lessThanOrEqual":"8.14.1","versionType":"semver","status":"affected"},{"version":"8.14.0","lessThanOrEqual":"8.14.0","versionType":"semver","status":"affected"},{"version":"8.13.0","lessThanOrEqual":"8.13.0","versionType":"semver","status":"affected"},{"version":"8.12.1","lessThanOrEqual":"8.12.1","versionType":"semver","status":"affected"},{"version":"8.12.0","lessThanOrEqual":"8.12.0","versionType":"semver","status":"affected"},{"version":"8.11.1","lessThanOrEqual":"8.11.1","versionType":"semver","status":"affected"},{"version":"8.11.0","lessThanOrEqual":"8.11.0","versionType":"semver","status":"affected"},{"version":"8.10.1","lessThanOrEqual":"8.10.1","versionType":"semver","status":"affected"},{"version":"8.10.0","lessThanOrEqual":"8.10.0","versionType":"semver","status":"affected"},{"version":"8.9.1","lessThanOrEqual":"8.9.1","versionType":"semver","status":"affected"},{"version":"8.9.0","lessThanOrEqual":"8.9.0","versionType":"semver","status":"affected"},{"version":"8.8.0","lessThanOrEqual":"8.8.0","versionType":"semver","status":"affected"},{"version":"8.7.1","lessThanOrEqual":"8.7.1","versionType":"semver","status":"affected"},{"version":"8.7.0","lessThanOrEqual":"8.7.0","versionType":"semver","status":"affected"},{"version":"8.6.0","lessThanOrEqual":"8.6.0","versionType":"semver","status":"affected"},{"version":"8.5.0","lessThanOrEqual":"8.5.0","versionType":"semver","status":"affected"},{"version":"8.4.0","lessThanOrEqual":"8.4.0","versionType":"semver","status":"affected"},{"version":"8.3.0","lessThanOrEqual":"8.3.0","versionType":"semver","status":"affected"},{"version":"8.2.1","lessThanOrEqual":"8.2.1","versionType":"semver","status":"affected"},{"version":"8.2.0","lessThanOrEqual":"8.2.0","versionType":"semver","status":"affected"},{"version":"8.1.2","lessThanOrEqual":"8.1.2","versionType":"semver","status":"affected"},{"version":"8.1.1","lessThanOrEqual":"8.1.1","versionType":"semver","status":"affected"},{"version":"8.1.0","lessThanOrEqual":"8.1.0","versionType":"semver","status":"affected"},{"version":"8.0.1","lessThanOrEqual":"8.0.1","versionType":"semver","status":"affected"},{"version":"8.0.0","lessThanOrEqual":"8.0.0","versionType":"semver","status":"affected"},{"version":"7.88.1","lessThanOrEqual":"7.88.1","versionType":"semver","status":"affected"},{"version":"7.88.0","lessThanOrEqual":"7.88.0","versionType":"semver","status":"affected"},{"version":"7.87.0","lessThanOrEqual":"7.87.0","versionType":"semver","status":"affected"},{"version":"7.86.0","lessThanOrEqual":"7.86.0","versionType":"semver","status":"affected"},{"version":"7.85.0","lessThanOrEqual":"7.85.0","versionType":"semver","status":"affected"},{"version":"7.84.0","lessThanOrEqual":"7.84.0","versionType":"semver","status":"affected"},{"version":"7.83.1","lessThanOrEqual":"7.83.1","versionType":"semver","status":"affected"},{"version":"7.83.0","lessThanOrEqual":"7.83.0","versionType":"semver","status":"affected"},{"version":"7.82.0","lessThanOrEqual":"7.82.0","versionType":"semver","status":"affected"},{"version":"7.81.0","lessThanOrEqual":"7.81.0","versionType":"semver","status":"affected"},{"version":"7.80.0","lessThanOrEqual":"7.80.0","versionType":"semver","status":"affected"},{"version":"7.79.1","lessThanOrEqual":"7.79.1","versionType":"semver","status":"affected"},{"version":"7.79.0","lessThanOrEqual":"7.79.0","versionType":"semver","status":"affected"},{"version":"7.78.0","lessThanOrEqual":"7.78.0","versionType":"semver","status":"affected"},{"version":"7.77.0","lessThanOrEqual":"7.77.0","versionType":"semver","status":"affected"},{"version":"7.76.1","lessThanOrEqual":"7.76.1","versionType":"semver","status":"affected"},{"version":"7.76.0","lessThanOrEqual":"7.76.0","versionType":"semver","status":"affected"},{"version":"7.75.0","lessThanOrEqual":"7.75.0","versionType":"semver","status":"affected"},{"version":"7.74.0","lessThanOrEqual":"7.74.0","versionType":"semver","status":"affected"},{"version":"7.73.0","lessThanOrEqual":"7.73.0","versionType":"semver","status":"affected"},{"version":"7.72.0","lessThanOrEqual":"7.72.0","versionType":"semver","status":"affected"},{"version":"7.71.1","lessThanOrEqual":"7.71.1","versionType":"semver","status":"affected"},{"version":"7.71.0","lessThanOrEqual":"7.71.0","versionType":"semver","status":"affected"},{"version":"7.70.0","lessThanOrEqual":"7.70.0","versionType":"semver","status":"affected"},{"version":"7.69.1","lessThanOrEqual":"7.69.1","versionType":"semver","status":"affected"},{"version":"7.69.0","lessThanOrEqual":"7.69.0","versionType":"semver","status":"affected"},{"version":"7.68.0","lessThanOrEqual":"7.68.0","versionType":"semver","status":"affected"},{"version":"7.67.0","lessThanOrEqual":"7.67.0","versionType":"semver","status":"affected"},{"version":"7.66.0","lessThanOrEqual":"7.66.0","versionType":"semver","status":"affected"},{"version":"7.65.3","lessThanOrEqual":"7.65.3","versionType":"semver","status":"affected"},{"version":"7.65.2","lessThanOrEqual":"7.65.2","versionType":"semver","status":"affected"},{"version":"7.65.1","lessThanOrEqual":"7.65.1","versionType":"semver","status":"affected"},{"version":"7.65.0","lessThanOrEqual":"7.65.0","versionType":"semver","status":"affected"},{"version":"7.64.1","lessThanOrEqual":"7.64.1","versionType":"semver","status":"affected"},{"version":"7.64.0","lessThanOrEqual":"7.64.0","versionType":"semver","status":"affected"},{"version":"7.63.0","lessThanOrEqual":"7.63.0","versionType":"semver","status":"affected"},{"version":"7.62.0","lessThanOrEqual":"7.62.0","versionType":"semver","status":"affected"},{"version":"7.61.1","lessThanOrEqual":"7.61.1","versionType":"semver","status":"affected"},{"version":"7.61.0","lessThanOrEqual":"7.61.0","versionType":"semver","status":"affected"},{"version":"7.60.0","lessThanOrEqual":"7.60.0","versionType":"semver","status":"affected"},{"version":"7.59.0","lessThanOrEqual":"7.59.0","versionType":"semver","status":"affected"},{"version":"7.58.0","lessThanOrEqual":"7.58.0","versionType":"semver","status":"affected"},{"version":"7.57.0","lessThanOrEqual":"7.57.0","versionType":"semver","status":"affected"},{"version":"7.56.1","lessThanOrEqual":"7.56.1","versionType":"semver","status":"affected"},{"version":"7.56.0","lessThanOrEqual":"7.56.0","versionType":"semver","status":"affected"},{"version":"7.55.1","lessThanOrEqual":"7.55.1","versionType":"semver","status":"affected"},{"version":"7.55.0","lessThanOrEqual":"7.55.0","versionType":"semver","status":"affected"},{"version":"7.54.1","lessThanOrEqual":"7.54.1","versionType":"semver","status":"affected"},{"version":"7.54.0","lessThanOrEqual":"7.54.0","versionType":"semver","status":"affected"},{"version":"7.53.1","lessThanOrEqual":"7.53.1","versionType":"semver","status":"affected"},{"version":"7.53.0","lessThanOrEqual":"7.53.0","versionType":"semver","status":"affected"},{"version":"7.52.1","lessThanOrEqual":"7.52.1","versionType":"semver","status":"affected"},{"version":"7.52.0","lessThanOrEqual":"7.52.0","versionType":"semver","status":"affected"},{"version":"7.51.0","lessThanOrEqual":"7.51.0","versionType":"semver","status":"affected"},{"version":"7.50.3","lessThanOrEqual":"7.50.3","versionType":"semver","status":"affected"},{"version":"7.50.2","lessThanOrEqual":"7.50.2","versionType":"semver","status":"affected"},{"version":"7.50.1","lessThanOrEqual":"7.50.1","versionType":"semver","status":"affected"},{"version":"7.50.0","lessThanOrEqual":"7.50.0","versionType":"semver","status":"affected"},{"version":"7.49.1","lessThanOrEqual":"7.49.1","versionType":"semver","status":"affected"},{"version":"7.49.0","lessThanOrEqual":"7.49.0","versionType":"semver","status":"affected"},{"version":"7.48.0","lessThanOrEqual":"7.48.0","versionType":"semver","status":"affected"},{"version":"7.47.1","lessThanOrEqual":"7.47.1","versionType":"semver","status":"affected"},{"version":"7.47.0","lessThanOrEqual":"7.47.0","versionType":"semver","status":"affected"},{"version":"7.46.0","lessThanOrEqual":"7.46.0","versionType":"semver","status":"affected"},{"version":"7.45.0","lessThanOrEqual":"7.45.0","versionType":"semver","status":"affected"},{"version":"7.44.0","lessThanOrEqual":"7.44.0","versionType":"semver","status":"affected"},{"version":"7.43.0","lessThanOrEqual":"7.43.0","versionType":"semver","status":"affected"},{"version":"7.42.1","lessThanOrEqual":"7.42.1","versionType":"semver","status":"affected"},{"version":"7.42.0","lessThanOrEqual":"7.42.0","versionType":"semver","status":"affected"},{"version":"7.41.0","lessThanOrEqual":"7.41.0","versionType":"semver","status":"affected"},{"version":"7.40.0","lessThanOrEqual":"7.40.0","versionType":"semver","status":"affected"},{"version":"7.39.0","lessThanOrEqual":"7.39.0","versionType":"semver","status":"affected"},{"version":"7.38.0","lessThanOrEqual":"7.38.0","versionType":"semver","status":"affected"},{"version":"7.37.1","lessThanOrEqual":"7.37.1","versionType":"semver","status":"affected"},{"version":"7.37.0","lessThanOrEqual":"7.37.0","versionType":"semver","status":"affected"},{"version":"7.36.0","lessThanOrEqual":"7.36.0","versionType":"semver","status":"affected"},{"version":"7.35.0","lessThanOrEqual":"7.35.0","versionType":"semver","status":"affected"},{"version":"7.34.0","lessThanOrEqual":"7.34.0","versionType":"semver","status":"affected"},{"version":"7.33.0","lessThanOrEqual":"7.33.0","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-11T14:25:28.836990Z","id":"CVE-2026-3783","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*","versionStartIncluding":"7.33.0","versionEndExcluding":"8.19.0","matchCriteriaId":"742F398A-5BE6-4B1A-BBE6-2A5FB57B8B3E"}]}]}],"references":[{"url":"https://curl.se/docs/CVE-2026-3783.html","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Patch","Vendor Advisory"]},{"url":"https://curl.se/docs/CVE-2026-3783.json","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Vendor Advisory"]},{"url":"https://hackerone.com/reports/3583983","source":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/03/11/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}