CVE-2026-8927
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/07/2026
Last modified:
03/07/2026
Description
When reusing a libcurl handle for sequential transfers driven by<br />
environment-variable proxy configuration, libcurl fails to clear the proxy<br />
authentication state between requests. Specifically, if the initial transfer<br />
authenticates against `proxyA` using Digest auth, a subsequent transfer routed<br />
through `proxyB` erroneously leaks the `Proxy-Authorization:` header intended<br />
solely for `proxyA`.



