CVE-2026-7168 – cross-proxy Digest auth state leak

CVE ID :CVE-2026-7168

Published : May 13, 2026, 8:29 a.m. | 3 hours, 29 minutes ago

Description :Successfully using libcurl to do a transfer over a specific HTTP proxy
(`proxyA`) with **Digest** authentication and then changing the proxy host to
a second one (`proxyB`) for a second transfer, reusing the same handle, makes
libcurl wrongly pass on the `Proxy-Authorization:` header field meant for
`proxyA`, to `proxyB`.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-4782 – Avada Builder

CVE-2026-4798 – Avada Builder

CVE-2026-25710 – Plasma Loginauth Helper Privilege Escalation Vulnerability

CVE-2026-41051 – csync2 uses insecure temporary directories when compiled with C99 or later