Skip to main content

curl CVE-2026-6429

| EUVDEUVD-2026-29930 MEDIUM
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
SUSE
MEDIUM
qualitative
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
May 13, 2026 - 16:00 vuln.today
CVSS changed
May 13, 2026 - 15:52 NVD
5.3 (MEDIUM)
CVE Published
May 08, 2026 - 06:45 nvd
UNKNOWN (no severity yet)
CVE Published
May 08, 2026 - 06:45 nvd
MEDIUM 5.3

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

AnalysisAI

curl versions 7.14.0 through 8.19.0 leak netrc credentials when reusing proxy connections, allowing authenticated local attackers to obtain sensitive authentication data via connection pooling that ignores credential requirements. CVSS 5.3 reflects high confidentiality impact but requires low-privilege authentication and high attack complexity; EPSS 0.02% indicates minimal real-world exploitation probability despite broad version coverage. No public exploit code identified at time of analysis.

Technical ContextAI

curl's connection pooling mechanism, which optimizes performance by reusing HTTP/HTTPS connections across multiple requests, fails to properly validate that netrc-stored proxy credentials are applicable when reusing a cached connection. The netrc file (standard Unix credential storage) contains user authentication credentials typically loaded for specific hosts or proxies. When curl reuses a proxy connection from its connection pool for a subsequent request to a different target, the pooling logic does not verify whether the original netrc credentials are still valid for the new request context, potentially exposing credentials that should not apply. This is distinct from other CVEs in the same disclosure batch (CVE-2026-5545, CVE-2026-5773) which address similar connection reuse failures in HTTP Negotiate and SMB protocols. The vulnerability affects curl's core connection management and credential handling across versions spanning over a decade of releases (7.14.0 through 8.19.0 per EUVD data).

RemediationAI

Upgrade curl to the patched version released by the curl project (exact fix version not specified in available data; consult https://curl.se/docs/CVE-2026-6429.html and the oss-security disclosure at https://www.openwall.com/lists/oss-security/2026/04/29 for the specific release version). Until patching is possible, mitigate by avoiding netrc file usage and instead passing credentials via environment variables (CURL_NETRC_FILE unset) or command-line flags, which bypass the pooled connection logic. Alternatively, disable connection reuse for requests using netrc credentials by setting CURLOPT_FRESH_CONNECT or using the --disable-epsv flag depending on curl version. For systems where curl is embedded or compiled into applications, ensure library dependencies are updated to the patched version-note that binary curl upgrades alone will not fix statically-linked applications. Trade-off: disabling connection pooling reduces performance for high-volume request scenarios but eliminates the reuse-based credential leak vector.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container suse/manager/4.3/proxy-httpd:4.3.17.9.76.18 Container suse/manager/4.3/proxy-salt-broker:4.3.17.9.66.20 Container suse/sle-micro-rancher/5.3:latest Container suse/sle-micro-rancher/5.4:5.4.4.5.106 Container suse/sle-micro/5.3/toolbox:16.3-6.11.222 Container suse/sle-micro/5.4/toolbox:16.3-5.19.222 Container suse/sle-micro/5.5/toolbox:16.3-3.12.133 Container suse/sle-micro/base-5.5:2.0.4-5.8.271 Image SLES15-SP4-BYOS Image SLES15-SP4-BYOS-Azure Image SLES15-SP4-BYOS-EC2 Image SLES15-SP4-BYOS-GCE Image SLES15-SP4-CHOST-BYOS Image SLES15-SP4-CHOST-BYOS-Aliyun Image SLES15-SP4-CHOST-BYOS-Azure Image SLES15-SP4-CHOST-BYOS-EC2 Image SLES15-SP4-CHOST-BYOS-GCE Image SLES15-SP4-CHOST-BYOS-SAP-CCloud Image SLES15-SP4-HPC-BYOS Image SLES15-SP4-HPC-BYOS-Azure Image SLES15-SP4-HPC-BYOS-EC2 Image SLES15-SP4-HPC-BYOS-GCE Image SLES15-SP4-HPC-EC2 Image SLES15-SP4-HPC-GCE Image SLES15-SP4-Hardened-BYOS Image SLES15-SP4-Hardened-BYOS-Azure Image SLES15-SP4-Hardened-BYOS-EC2 Image SLES15-SP4-Hardened-BYOS-GCE Image SLES15-SP4-SAP-BYOS Image SLES15-SP4-SAP-BYOS-Azure Image SLES15-SP4-SAP-BYOS-EC2 Image SLES15-SP4-SAP-BYOS-GCE Image SLES15-SP4-SAP-Hardened Image SLES15-SP4-SAP-Hardened-Azure Image SLES15-SP4-SAP-Hardened-BYOS Image SLES15-SP4-SAP-Hardened-BYOS-Azure Image SLES15-SP4-SAP-Hardened-BYOS-EC2 Image SLES15-SP4-SAP-Hardened-BYOS-GCE Image SLES15-SP4-SAP-Hardened-GCE Image SLES15-SP5-BYOS-Azure Image SLES15-SP5-BYOS-EC2 Image SLES15-SP5-BYOS-GCE Image SLES15-SP5-CHOST-BYOS-Aliyun Image SLES15-SP5-CHOST-BYOS-Azure Image SLES15-SP5-CHOST-BYOS-EC2 Image SLES15-SP5-CHOST-BYOS-GCE Image SLES15-SP5-CHOST-BYOS-GDC Image SLES15-SP5-CHOST-BYOS-SAP-CCloud Image SLES15-SP5-EC2 Image SLES15-SP5-GCE Image SLES15-SP5-HPC-BYOS-Azure Image SLES15-SP5-HPC-BYOS-EC2 Image SLES15-SP5-HPC-BYOS-GCE Image SLES15-SP5-Hardened-BYOS-Azure Image SLES15-SP5-Hardened-BYOS-EC2 Image SLES15-SP5-Hardened-BYOS-GCE Image SLES15-SP5-SAP-Azure-3P Image SLES15-SP5-SAP-BYOS-Azure Image SLES15-SP5-SAP-BYOS-EC2 Image SLES15-SP5-SAP-BYOS-GCE Image SLES15-SP5-SAP-Hardened-Azure Image SLES15-SP5-SAP-Hardened-BYOS-Azure Image SLES15-SP5-SAP-Hardened-BYOS-EC2 Image SLES15-SP5-SAP-Hardened-BYOS-GCE Image SLES15-SP5-SAP-Hardened-GCE Affected
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.172 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.155 Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.168 Affected
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.139 Container suse/sl-micro/6.0/toolbox:13.2-9.105 Image SL-Micro Affected
Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.102 Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.127 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.116 Affected
Container suse/sl-micro/6.1/base-os-container:2.2.1-5.126 Image SL-Micro-Azure Image SL-Micro-BYOS-Azure Image SL-Micro-BYOS-EC2 Image SL-Micro-BYOS-GCE Image SL-Micro-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-Azure-llc Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-Azure Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Affected

Share

CVE-2026-6429 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy