CVE-2026-6276 - Vulnerability Analysis
High | CVSS: 7.5 | Last Updated: May 14, 2026
libcurl - Information Disclosure
Published: May 13, 2026 | Updated: May 14, 2026 | PoC Available | Remote Exploitable
Overview
libcurl contains a cookie leakage vulnerability caused by reuse of an easy handle with a stale custom Host header, which lets attackers receive cookies meant for a different host. Exploitation requires reuse of the same easy handle without resetting headers.
Severity & Score
Severity: High
CVSS Score: 7.5
Impact
Attackers can receive cookies intended for another host, leading to information disclosure.
Mitigation
Update to the latest version of libcurl that fixes cookie handling with reused easy handles.
Details
- CVE ID: CVE-2026-6276
- Severity: High
- CVSS Score: 7.5
- Type: undefined
- Status: confirmed
CWE
- CWE-319
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H