Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-6276
Analyzed
More InfoOfficial Page
Source-2499f714-1537-4658-8207-48ae4bb9eae9
View Known Exploited Vulnerability (KEV) details
Published At-13 May, 2026 | 13:01
Updated At-14 May, 2026 | 14:21

Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
CURL
haxx
>>curl>>Versions from 7.71.0(inclusive) to 8.20.0(exclusive)
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-319Primarynvd@nist.gov
CWE ID: CWE-319
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://curl.se/docs/CVE-2026-6276.html2499f714-1537-4658-8207-48ae4bb9eae9
Patch
Vendor Advisory
https://curl.se/docs/CVE-2026-6276.json2499f714-1537-4658-8207-48ae4bb9eae9
Product
https://hackerone.com/reports/36718182499f714-1537-4658-8207-48ae4bb9eae9
Exploit
Issue Tracking
Third Party Advisory
http://www.openwall.com/lists/oss-security/2026/04/29/13af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://hackerone.com/reports/3671818134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: https://curl.se/docs/CVE-2026-6276.html
Source: 2499f714-1537-4658-8207-48ae4bb9eae9
Resource:
Patch
Vendor Advisory
Hyperlink: https://curl.se/docs/CVE-2026-6276.json
Source: 2499f714-1537-4658-8207-48ae4bb9eae9
Resource:
Product
Hyperlink: https://hackerone.com/reports/3671818
Source: 2499f714-1537-4658-8207-48ae4bb9eae9
Resource:
Exploit
Issue Tracking
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2026/04/29/13
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://hackerone.com/reports/3671818
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Issue Tracking
Third Party Advisory
Change History
0Changes found
Details not found