
CVE-2026-6429 - Vulnerability Analysis

Medium | CVSS: 5.3

Last Updated: May 14, 2026

libcurl - Information Disclosure

Published: May 13, 2026 | Updated: May 14, 2026 | PoC Available | Remote Exploitable

Overview

libcurl contains an information disclosure vulnerability in which .netrc credentials are leaked during HTTP redirects, letting attackers on redirected hosts access the leaked passwords. Exploitation requires HTTP redirects combined with .netrc usage.

Severity & Score

Severity: Medium
CVSS Score: 5.3
EPSS Score: 0.0% (Probability of exploitation in next 30 days)

Impact

Attackers on redirected hosts can obtain leaked passwords from .netrc files, compromising user credentials.

Mitigation

Update to the latest version of libcurl.

Social Media Activity (1 post)

daniel:// stenberg://
@bagder
Apr 29, 2026

Out of the eight new #curl CVEs, four of them had existed in code for over twenty years when we published.

CVE-2026-5545 clocks in at 22.75 years old
CVE-2026-7168 at 21.91 years
CVE-2026-6429 at 20.95 years
CVE-2026-6253 at 20.66 years

And yet CVE-2026-5545 only becomes the 5th oldest vulnerability ever found in curl so far.


Details

CVE ID: CVE-2026-6429
Severity: Medium
CVSS Score: 5.3
Type: misconfiguration
Status: confirmed
EPSS: 0.0%
Social Posts: 1

CWE

  • NVD-CWE-noinfo

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.0% (Probability of exploitation in the next 30 days)