CVE-2026-6276 (GCVE-0-2026-6276)

Vulnerability from cvelistv5 – Published: 2026-05-13 08:28 – Updated: 2026-05-13 17:26
VLAI?
Title
stale custom cookie host causes cookie leak
Summary
Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.
Assigner
Impacted products
Vendor Product Version
curl curl Affected: 8.19.0 , ≤ 8.19.0 (semver)
Affected: 8.18.0 , ≤ 8.18.0 (semver)
Affected: 8.17.0 , ≤ 8.17.0 (semver)
Affected: 8.16.0 , ≤ 8.16.0 (semver)
Affected: 8.15.0 , ≤ 8.15.0 (semver)
Affected: 8.14.1 , ≤ 8.14.1 (semver)
Affected: 8.14.0 , ≤ 8.14.0 (semver)
Affected: 8.13.0 , ≤ 8.13.0 (semver)
Affected: 8.12.1 , ≤ 8.12.1 (semver)
Affected: 8.12.0 , ≤ 8.12.0 (semver)
Affected: 8.11.1 , ≤ 8.11.1 (semver)
Affected: 8.11.0 , ≤ 8.11.0 (semver)
Affected: 8.10.1 , ≤ 8.10.1 (semver)
Affected: 8.10.0 , ≤ 8.10.0 (semver)
Affected: 8.9.1 , ≤ 8.9.1 (semver)
Affected: 8.9.0 , ≤ 8.9.0 (semver)
Affected: 8.8.0 , ≤ 8.8.0 (semver)
Affected: 8.7.1 , ≤ 8.7.1 (semver)
Affected: 8.7.0 , ≤ 8.7.0 (semver)
Affected: 8.6.0 , ≤ 8.6.0 (semver)
Affected: 8.5.0 , ≤ 8.5.0 (semver)
Affected: 8.4.0 , ≤ 8.4.0 (semver)
Affected: 8.3.0 , ≤ 8.3.0 (semver)
Affected: 8.2.1 , ≤ 8.2.1 (semver)
Affected: 8.2.0 , ≤ 8.2.0 (semver)
Affected: 8.1.2 , ≤ 8.1.2 (semver)
Affected: 8.1.1 , ≤ 8.1.1 (semver)
Affected: 8.1.0 , ≤ 8.1.0 (semver)
Affected: 8.0.1 , ≤ 8.0.1 (semver)
Affected: 8.0.0 , ≤ 8.0.0 (semver)
Affected: 7.88.1 , ≤ 7.88.1 (semver)
Affected: 7.88.0 , ≤ 7.88.0 (semver)
Affected: 7.87.0 , ≤ 7.87.0 (semver)
Affected: 7.86.0 , ≤ 7.86.0 (semver)
Affected: 7.85.0 , ≤ 7.85.0 (semver)
Affected: 7.84.0 , ≤ 7.84.0 (semver)
Affected: 7.83.1 , ≤ 7.83.1 (semver)
Affected: 7.83.0 , ≤ 7.83.0 (semver)
Affected: 7.82.0 , ≤ 7.82.0 (semver)
Affected: 7.81.0 , ≤ 7.81.0 (semver)
Affected: 7.80.0 , ≤ 7.80.0 (semver)
Affected: 7.79.1 , ≤ 7.79.1 (semver)
Affected: 7.79.0 , ≤ 7.79.0 (semver)
Affected: 7.78.0 , ≤ 7.78.0 (semver)
Affected: 7.77.0 , ≤ 7.77.0 (semver)
Affected: 7.76.1 , ≤ 7.76.1 (semver)
Affected: 7.76.0 , ≤ 7.76.0 (semver)
Affected: 7.75.0 , ≤ 7.75.0 (semver)
Affected: 7.74.0 , ≤ 7.74.0 (semver)
Affected: 7.73.0 , ≤ 7.73.0 (semver)
Affected: 7.72.0 , ≤ 7.72.0 (semver)
Affected: 7.71.1 , ≤ 7.71.1 (semver)
Affected: 7.71.0 , ≤ 7.71.0 (semver)
Create a notification for this product.
Credits
Muhamad Arga Reksapati Daniel Stenberg
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-13T09:05:37.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/29/13"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-6276",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T17:24:29.094167Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T17:26:06.894Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://hackerone.com/reports/3671818"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "curl",
          "vendor": "curl",
          "versions": [
            {
              "lessThanOrEqual": "8.19.0",
              "status": "affected",
              "version": "8.19.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.18.0",
              "status": "affected",
              "version": "8.18.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.17.0",
              "status": "affected",
              "version": "8.17.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.16.0",
              "status": "affected",
              "version": "8.16.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.15.0",
              "status": "affected",
              "version": "8.15.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.14.1",
              "status": "affected",
              "version": "8.14.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.14.0",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.13.0",
              "status": "affected",
              "version": "8.13.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.12.1",
              "status": "affected",
              "version": "8.12.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.12.0",
              "status": "affected",
              "version": "8.12.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.11.1",
              "status": "affected",
              "version": "8.11.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.11.0",
              "status": "affected",
              "version": "8.11.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.10.1",
              "status": "affected",
              "version": "8.10.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.10.0",
              "status": "affected",
              "version": "8.10.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.9.1",
              "status": "affected",
              "version": "8.9.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.9.0",
              "status": "affected",
              "version": "8.9.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.8.0",
              "status": "affected",
              "version": "8.8.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.7.1",
              "status": "affected",
              "version": "8.7.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.7.0",
              "status": "affected",
              "version": "8.7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.6.0",
              "status": "affected",
              "version": "8.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.0",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.0",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.3.0",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2.1",
              "status": "affected",
              "version": "8.2.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2.0",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.2",
              "status": "affected",
              "version": "8.1.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.1",
              "status": "affected",
              "version": "8.1.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.0",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.1",
              "status": "affected",
              "version": "8.0.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.0",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.88.1",
              "status": "affected",
              "version": "7.88.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.88.0",
              "status": "affected",
              "version": "7.88.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.87.0",
              "status": "affected",
              "version": "7.87.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.86.0",
              "status": "affected",
              "version": "7.86.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.85.0",
              "status": "affected",
              "version": "7.85.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.84.0",
              "status": "affected",
              "version": "7.84.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.83.1",
              "status": "affected",
              "version": "7.83.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.83.0",
              "status": "affected",
              "version": "7.83.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.82.0",
              "status": "affected",
              "version": "7.82.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.81.0",
              "status": "affected",
              "version": "7.81.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.80.0",
              "status": "affected",
              "version": "7.80.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.79.1",
              "status": "affected",
              "version": "7.79.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.79.0",
              "status": "affected",
              "version": "7.79.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.78.0",
              "status": "affected",
              "version": "7.78.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.77.0",
              "status": "affected",
              "version": "7.77.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.76.1",
              "status": "affected",
              "version": "7.76.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.76.0",
              "status": "affected",
              "version": "7.76.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.75.0",
              "status": "affected",
              "version": "7.75.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.74.0",
              "status": "affected",
              "version": "7.74.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.73.0",
              "status": "affected",
              "version": "7.73.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.72.0",
              "status": "affected",
              "version": "7.72.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.71.1",
              "status": "affected",
              "version": "7.71.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.71.0",
              "status": "affected",
              "version": "7.71.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Muhamad Arga Reksapati"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Daniel Stenberg"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Using libcurl, when a custom `Host:` header is first set for an HTTP request\nand a second request is subsequently done using the same *easy handle* but\nwithout the custom `Host:` header set, the second request would use stale\ninformation and pass on cookies meant for the first host in the second\nrequest. Leak them."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-346 Origin Validation Error",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-13T08:28:19.273Z",
        "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "shortName": "curl"
      },
      "references": [
        {
          "name": "json",
          "url": "https://curl.se/docs/CVE-2026-6276.json"
        },
        {
          "name": "www",
          "url": "https://curl.se/docs/CVE-2026-6276.html"
        },
        {
          "name": "issue",
          "url": "https://hackerone.com/reports/3671818"
        }
      ],
      "title": "stale custom cookie host causes cookie leak"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
    "assignerShortName": "curl",
    "cveId": "CVE-2026-6276",
    "datePublished": "2026-05-13T08:28:19.273Z",
    "dateReserved": "2026-04-14T14:01:54.772Z",
    "dateUpdated": "2026-05-13T17:26:06.894Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…