CVE-2026-7168 - Vulnerability Details - OpenCVE

Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Proxy-Authorization:` header field meant for `proxyA`, to `proxyB`.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://curl.se/docs/CVE-2026-7168.html
https://curl.se/docs/CVE-2026-7168.json
https://hackerone.com/reports/3697719

History

Wed, 13 May 2026 09:15:00 +0000

Type	Values Removed	Values Added
Description		Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with Digest authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Proxy-Authorization:` header field meant for `proxyA`, to `proxyB`.
Title		cross-proxy Digest auth state leak
References		https://curl.se/docs/CVE-2026-7168.html https://curl.se/docs/CVE-2026-7168.json https://hackerone.com/reports/3697719

MITRE

Status: PUBLISHED

Assigner: curl

Published: 2026-05-13T08:29:08.900Z

Updated: 2026-05-13T09:05:54.907Z

Reserved: 2026-04-27T07:37:37.172Z

Link: CVE-2026-7168

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7168", "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "state": "PUBLISHED", "assignerShortName": "curl", "dateReserved": "2026-04-27T07:37:37.172Z", "datePublished": "2026-05-13T08:29:08.900Z", "dateUpdated": "2026-05-13T09:05:54.907Z"}, "containers": {"cna": {"title": "cross-proxy Digest auth state leak", "descriptions": [{"lang": "en", "value": "Successfully using libcurl to do a transfer over a specific HTTP proxy\n(`proxyA`) with **Digest** authentication and then changing the proxy host to\na second one (`proxyB`) for a second transfer, reusing the same handle, makes\nlibcurl wrongly pass on the `Proxy-Authorization:` header field meant for\n`proxyA`, to `proxyB`."}], "providerMetadata": {"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "shortName": "curl", "dateUpdated": "2026-05-13T08:29:08.900Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-294 Authentication Bypass by Capture-replay"}]}], "affected": [{"vendor": "curl", "product": "curl", "versions": [{"version": "8.19.0", "status": "affected", "lessThanOrEqual": "8.19.0", "versionType": "semver"}, {"version": "8.18.0", "status": "affected", "lessThanOrEqual": "8.18.0", "versionType": "semver"}, {"version": "8.17.0", "status": "affected", "lessThanOrEqual": "8.17.0", "versionType": "semver"}, {"version": "8.16.0", "status": "affected", "lessThanOrEqual": "8.16.0", "versionType": "semver"}, {"version": "8.15.0", "status": "affected", "lessThanOrEqual": "8.15.0", "versionType": "semver"}, {"version": "8.14.1", "status": "affected", "lessThanOrEqual": "8.14.1", "versionType": "semver"}, {"version": "8.14.0", "status": "affected", "lessThanOrEqual": "8.14.0", "versionType": "semver"}, {"version": "8.13.0", "status": "affected", "lessThanOrEqual": "8.13.0", "versionType": "semver"}, {"version": "8.12.1", "status": "affected", "lessThanOrEqual": "8.12.1", "versionType": "semver"}, {"version": "8.12.0", "status": "affected", "lessThanOrEqual": "8.12.0", "versionType": "semver"}, {"version": "8.11.1", "status": "affected", "lessThanOrEqual": "8.11.1", "versionType": "semver"}, {"version": "8.11.0", "status": "affected", "lessThanOrEqual": "8.11.0", "versionType": "semver"}, {"version": "8.10.1", "status": "affected", "lessThanOrEqual": "8.10.1", "versionType": "semver"}, {"version": "8.10.0", "status": "affected", "lessThanOrEqual": "8.10.0", "versionType": "semver"}, {"version": "8.9.1", "status": "affected", "lessThanOrEqual": "8.9.1", "versionType": "semver"}, {"version": "8.9.0", "status": "affected", "lessThanOrEqual": "8.9.0", "versionType": "semver"}, {"version": "8.8.0", "status": "affected", "lessThanOrEqual": "8.8.0", "versionType": "semver"}, {"version": "8.7.1", "status": "affected", "lessThanOrEqual": "8.7.1", "versionType": "semver"}, {"version": "8.7.0", "status": "affected", "lessThanOrEqual": "8.7.0", "versionType": "semver"}, {"version": "8.6.0", "status": "affected", "lessThanOrEqual": "8.6.0", "versionType": "semver"}, {"version": "8.5.0", "status": "affected", "lessThanOrEqual": "8.5.0", "versionType": "semver"}, {"version": "8.4.0", "status": "affected", "lessThanOrEqual": "8.4.0", "versionType": "semver"}, {"version": "8.3.0", "status": "affected", "lessThanOrEqual": "8.3.0", "versionType": "semver"}, {"version": "8.2.1", "status": "affected", "lessThanOrEqual": "8.2.1", "versionType": "semver"}, {"version": "8.2.0", "status": "affected", "lessThanOrEqual": "8.2.0", "versionType": "semver"}, {"version": "8.1.2", "status": "affected", "lessThanOrEqual": "8.1.2", "versionType": "semver"}, {"version": "8.1.1", "status": "affected", "lessThanOrEqual": "8.1.1", "versionType": "semver"}, {"version": "8.1.0", "status": "affected", "lessThanOrEqual": "8.1.0", "versionType": "semver"}, {"version": "8.0.1", "status": "affected", "lessThanOrEqual": "8.0.1", "versionType": "semver"}, {"version": "8.0.0", "status": "affected", "lessThanOrEqual": "8.0.0", "versionType": "semver"}, {"version": "7.88.1", "status": "affected", "lessThanOrEqual": "7.88.1", "versionType": "semver"}, {"version": "7.88.0", "status": "affected", "lessThanOrEqual": "7.88.0", "versionType": "semver"}, {"version": "7.87.0", "status": "affected", "lessThanOrEqual": "7.87.0", "versionType": "semver"}, {"version": "7.86.0", "status": "affected", "lessThanOrEqual": "7.86.0", "versionType": "semver"}, {"version": "7.85.0", "status": "affected", "lessThanOrEqual": "7.85.0", "versionType": "semver"}, {"version": "7.84.0", "status": "affected", "lessThanOrEqual": "7.84.0", "versionType": "semver"}, {"version": "7.83.1", "status": "affected", "lessThanOrEqual": "7.83.1", "versionType": "semver"}, {"version": "7.83.0", "status": "affected", "lessThanOrEqual": "7.83.0", "versionType": "semver"}, {"version": "7.82.0", "status": "affected", "lessThanOrEqual": "7.82.0", "versionType": "semver"}, {"version": "7.81.0", "status": "affected", "lessThanOrEqual": "7.81.0", "versionType": "semver"}, {"version": "7.80.0", "status": "affected", "lessThanOrEqual": "7.80.0", "versionType": "semver"}, {"version": "7.79.1", "status": "affected", "lessThanOrEqual": "7.79.1", "versionType": "semver"}, {"version": "7.79.0", "status": "affected", "lessThanOrEqual": "7.79.0", "versionType": "semver"}, {"version": "7.78.0", "status": "affected", "lessThanOrEqual": "7.78.0", "versionType": "semver"}, {"version": "7.77.0", "status": "affected", "lessThanOrEqual": "7.77.0", "versionType": "semver"}, {"version": "7.76.1", "status": "affected", "lessThanOrEqual": "7.76.1", "versionType": "semver"}, {"version": "7.76.0", "status": "affected", "lessThanOrEqual": "7.76.0", "versionType": "semver"}, {"version": "7.75.0", "status": "affected", "lessThanOrEqual": "7.75.0", "versionType": "semver"}, {"version": "7.74.0", "status": "affected", "lessThanOrEqual": "7.74.0", "versionType": "semver"}, {"version": "7.73.0", "status": "affected", "lessThanOrEqual": "7.73.0", "versionType": "semver"}, {"version": "7.72.0", "status": "affected", "lessThanOrEqual": "7.72.0", "versionType": "semver"}, {"version": "7.71.1", "status": "affected", "lessThanOrEqual": "7.71.1", "versionType": "semver"}, {"version": "7.71.0", "status": "affected", "lessThanOrEqual": "7.71.0", "versionType": "semver"}, {"version": "7.70.0", "status": "affected", "lessThanOrEqual": "7.70.0", "versionType": "semver"}, {"version": "7.69.1", "status": "affected", "lessThanOrEqual": "7.69.1", "versionType": "semver"}, {"version": "7.69.0", "status": "affected", "lessThanOrEqual": "7.69.0", "versionType": "semver"}, {"version": "7.68.0", "status": "affected", "lessThanOrEqual": "7.68.0", "versionType": "semver"}, {"version": "7.67.0", "status": "affected", "lessThanOrEqual": "7.67.0", "versionType": "semver"}, {"version": "7.66.0", "status": "affected", "lessThanOrEqual": "7.66.0", "versionType": "semver"}, {"version": "7.65.3", "status": "affected", "lessThanOrEqual": "7.65.3", "versionType": "semver"}, {"version": "7.65.2", "status": "affected", "lessThanOrEqual": "7.65.2", "versionType": "semver"}, {"version": "7.65.1", "status": "affected", "lessThanOrEqual": "7.65.1", "versionType": "semver"}, {"version": "7.65.0", "status": "affected", "lessThanOrEqual": "7.65.0", "versionType": "semver"}, {"version": "7.64.1", "status": "affected", "lessThanOrEqual": "7.64.1", "versionType": "semver"}, {"version": "7.64.0", "status": "affected", "lessThanOrEqual": "7.64.0", "versionType": "semver"}, {"version": "7.63.0", "status": "affected", "lessThanOrEqual": "7.63.0", "versionType": "semver"}, {"version": "7.62.0", "status": "affected", "lessThanOrEqual": "7.62.0", "versionType": "semver"}, {"version": "7.61.1", "status": "affected", "lessThanOrEqual": "7.61.1", "versionType": "semver"}, {"version": "7.61.0", "status": "affected", "lessThanOrEqual": "7.61.0", "versionType": "semver"}, {"version": "7.60.0", "status": "affected", "lessThanOrEqual": "7.60.0", "versionType": "semver"}, {"version": "7.59.0", "status": "affected", "lessThanOrEqual": "7.59.0", "versionType": "semver"}, {"version": "7.58.0", "status": "affected", "lessThanOrEqual": "7.58.0", "versionType": "semver"}, {"version": "7.57.0", "status": "affected", "lessThanOrEqual": "7.57.0", "versionType": "semver"}, {"version": "7.56.1", "status": "affected", "lessThanOrEqual": "7.56.1", "versionType": "semver"}, {"version": "7.56.0", "status": "affected", "lessThanOrEqual": "7.56.0", "versionType": "semver"}, {"version": "7.55.1", "status": "affected", "lessThanOrEqual": "7.55.1", "versionType": "semver"}, {"version": "7.55.0", "status": "affected", "lessThanOrEqual": "7.55.0", "versionType": "semver"}, {"version": "7.54.1", "status": "affected", "lessThanOrEqual": "7.54.1", "versionType": "semver"}, {"version": "7.54.0", "status": "affected", "lessThanOrEqual": "7.54.0", "versionType": "semver"}, {"version": "7.53.1", "status": "affected", "lessThanOrEqual": "7.53.1", "versionType": "semver"}, {"version": "7.53.0", "status": "affected", "lessThanOrEqual": "7.53.0", "versionType": "semver"}, {"version": "7.52.1", "status": "affected", "lessThanOrEqual": "7.52.1", "versionType": "semver"}, {"version": "7.52.0", "status": "affected", "lessThanOrEqual": "7.52.0", "versionType": "semver"}, {"version": "7.51.0", "status": "affected", "lessThanOrEqual": "7.51.0", "versionType": "semver"}, {"version": "7.50.3", "status": "affected", "lessThanOrEqual": "7.50.3", "versionType": "semver"}, {"version": "7.50.2", "status": "affected", "lessThanOrEqual": "7.50.2", "versionType": "semver"}, {"version": "7.50.1", "status": "affected", "lessThanOrEqual": "7.50.1", "versionType": "semver"}, {"version": "7.50.0", "status": "affected", "lessThanOrEqual": "7.50.0", "versionType": "semver"}, {"version": "7.49.1", "status": "affected", "lessThanOrEqual": "7.49.1", "versionType": "semver"}, {"version": "7.49.0", "status": "affected", "lessThanOrEqual": "7.49.0", "versionType": "semver"}, {"version": "7.48.0", "status": "affected", "lessThanOrEqual": "7.48.0", "versionType": "semver"}, {"version": "7.47.1", "status": "affected", "lessThanOrEqual": "7.47.1", "versionType": "semver"}, {"version": "7.47.0", "status": "affected", "lessThanOrEqual": "7.47.0", "versionType": "semver"}, {"version": "7.46.0", "status": "affected", "lessThanOrEqual": "7.46.0", "versionType": "semver"}, {"version": "7.45.0", "status": "affected", "lessThanOrEqual": "7.45.0", "versionType": "semver"}, {"version": "7.44.0", "status": "affected", "lessThanOrEqual": "7.44.0", "versionType": "semver"}, {"version": "7.43.0", "status": "affected", "lessThanOrEqual": "7.43.0", "versionType": "semver"}, {"version": "7.42.1", "status": "affected", "lessThanOrEqual": "7.42.1", "versionType": "semver"}, {"version": "7.42.0", "status": "affected", "lessThanOrEqual": "7.42.0", "versionType": "semver"}, {"version": "7.41.0", "status": "affected", "lessThanOrEqual": "7.41.0", "versionType": "semver"}, {"version": "7.40.0", "status": "affected", "lessThanOrEqual": "7.40.0", "versionType": "semver"}, {"version": "7.39.0", "status": "affected", "lessThanOrEqual": "7.39.0", "versionType": "semver"}, {"version": "7.38.0", "status": "affected", "lessThanOrEqual": "7.38.0", "versionType": "semver"}, {"version": "7.37.1", "status": "affected", "lessThanOrEqual": "7.37.1", "versionType": "semver"}, {"version": "7.37.0", "status": "affected", "lessThanOrEqual": "7.37.0", "versionType": "semver"}, {"version": "7.36.0", "status": "affected", "lessThanOrEqual": "7.36.0", "versionType": "semver"}, {"version": "7.35.0", "status": "affected", "lessThanOrEqual": "7.35.0", "versionType": "semver"}, {"version": "7.34.0", "status": "affected", "lessThanOrEqual": "7.34.0", "versionType": "semver"}, {"version": "7.33.0", "status": "affected", "lessThanOrEqual": "7.33.0", "versionType": "semver"}, {"version": "7.32.0", "status": "affected", "lessThanOrEqual": "7.32.0", "versionType": "semver"}, {"version": "7.31.0", "status": "affected", "lessThanOrEqual": "7.31.0", "versionType": "semver"}, {"version": "7.30.0", "status": "affected", "lessThanOrEqual": "7.30.0", "versionType": "semver"}, {"version": "7.29.0", "status": "affected", "lessThanOrEqual": "7.29.0", "versionType": "semver"}, {"version": "7.28.1", "status": "affected", "lessThanOrEqual": "7.28.1", "versionType": "semver"}, {"version": "7.28.0", "status": "affected", "lessThanOrEqual": "7.28.0", "versionType": "semver"}, {"version": "7.27.0", "status": "affected", "lessThanOrEqual": "7.27.0", "versionType": "semver"}, {"version": "7.26.0", "status": "affected", "lessThanOrEqual": "7.26.0", "versionType": "semver"}, {"version": "7.25.0", "status": "affected", "lessThanOrEqual": "7.25.0", "versionType": "semver"}, {"version": "7.24.0", "status": "affected", "lessThanOrEqual": "7.24.0", "versionType": "semver"}, {"version": "7.23.1", "status": "affected", "lessThanOrEqual": "7.23.1", "versionType": "semver"}, {"version": "7.23.0", "status": "affected", "lessThanOrEqual": "7.23.0", "versionType": "semver"}, {"version": "7.22.0", "status": "affected", "lessThanOrEqual": "7.22.0", "versionType": "semver"}, {"version": "7.21.7", "status": "affected", "lessThanOrEqual": "7.21.7", "versionType": "semver"}, {"version": "7.21.6", "status": "affected", "lessThanOrEqual": "7.21.6", "versionType": "semver"}, {"version": "7.21.5", "status": "affected", "lessThanOrEqual": "7.21.5", "versionType": "semver"}, {"version": "7.21.4", "status": "affected", "lessThanOrEqual": "7.21.4", "versionType": "semver"}, {"version": "7.21.3", "status": "affected", "lessThanOrEqual": "7.21.3", "versionType": "semver"}, {"version": "7.21.2", "status": "affected", "lessThanOrEqual": "7.21.2", "versionType": "semver"}, {"version": "7.21.1", "status": "affected", "lessThanOrEqual": "7.21.1", "versionType": "semver"}, {"version": "7.21.0", "status": "affected", "lessThanOrEqual": "7.21.0", "versionType": "semver"}, {"version": "7.20.1", "status": "affected", "lessThanOrEqual": "7.20.1", "versionType": "semver"}, {"version": "7.20.0", "status": "affected", "lessThanOrEqual": "7.20.0", "versionType": "semver"}, {"version": "7.19.7", "status": "affected", "lessThanOrEqual": "7.19.7", "versionType": "semver"}, {"version": "7.19.6", "status": "affected", "lessThanOrEqual": "7.19.6", "versionType": "semver"}, {"version": "7.19.5", "status": "affected", "lessThanOrEqual": "7.19.5", "versionType": "semver"}, {"version": "7.19.4", "status": "affected", "lessThanOrEqual": "7.19.4", "versionType": "semver"}, {"version": "7.19.3", "status": "affected", "lessThanOrEqual": "7.19.3", "versionType": "semver"}, {"version": "7.19.2", "status": "affected", "lessThanOrEqual": "7.19.2", "versionType": "semver"}, {"version": "7.19.1", "status": "affected", "lessThanOrEqual": "7.19.1", "versionType": "semver"}, {"version": "7.19.0", "status": "affected", "lessThanOrEqual": "7.19.0", "versionType": "semver"}, {"version": "7.18.2", "status": "affected", "lessThanOrEqual": "7.18.2", "versionType": "semver"}, {"version": "7.18.1", "status": "affected", "lessThanOrEqual": "7.18.1", "versionType": "semver"}, {"version": "7.18.0", "status": "affected", "lessThanOrEqual": "7.18.0", "versionType": "semver"}, {"version": "7.17.1", "status": "affected", "lessThanOrEqual": "7.17.1", "versionType": "semver"}, {"version": "7.17.0", "status": "affected", "lessThanOrEqual": "7.17.0", "versionType": "semver"}, {"version": "7.16.4", "status": "affected", "lessThanOrEqual": "7.16.4", "versionType": "semver"}, {"version": "7.16.3", "status": "affected", "lessThanOrEqual": "7.16.3", "versionType": "semver"}, {"version": "7.16.2", "status": "affected", "lessThanOrEqual": "7.16.2", "versionType": "semver"}, {"version": "7.16.1", "status": "affected", "lessThanOrEqual": "7.16.1", "versionType": "semver"}, {"version": "7.16.0", "status": "affected", "lessThanOrEqual": "7.16.0", "versionType": "semver"}, {"version": "7.15.5", "status": "affected", "lessThanOrEqual": "7.15.5", "versionType": "semver"}, {"version": "7.15.4", "status": "affected", "lessThanOrEqual": "7.15.4", "versionType": "semver"}, {"version": "7.15.3", "status": "affected", "lessThanOrEqual": "7.15.3", "versionType": "semver"}, {"version": "7.15.2", "status": "affected", "lessThanOrEqual": "7.15.2", "versionType": "semver"}, {"version": "7.15.1", "status": "affected", "lessThanOrEqual": "7.15.1", "versionType": "semver"}, {"version": "7.15.0", "status": "affected", "lessThanOrEqual": "7.15.0", "versionType": "semver"}, {"version": "7.14.1", "status": "affected", "lessThanOrEqual": "7.14.1", "versionType": "semver"}, {"version": "7.14.0", "status": "affected", "lessThanOrEqual": "7.14.0", "versionType": "semver"}, {"version": "7.13.2", "status": "affected", "lessThanOrEqual": "7.13.2", "versionType": "semver"}, {"version": "7.13.1", "status": "affected", "lessThanOrEqual": "7.13.1", "versionType": "semver"}, {"version": "7.13.0", "status": "affected", "lessThanOrEqual": "7.13.0", "versionType": "semver"}, {"version": "7.12.3", "status": "affected", "lessThanOrEqual": "7.12.3", "versionType": "semver"}, {"version": "7.12.2", "status": "affected", "lessThanOrEqual": "7.12.2", "versionType": "semver"}, {"version": "7.12.1", "status": "affected", "lessThanOrEqual": "7.12.1", "versionType": "semver"}, {"version": "7.12.0", "status": "affected", "lessThanOrEqual": "7.12.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://curl.se/docs/CVE-2026-7168.json", "name": "json"}, {"url": "https://curl.se/docs/CVE-2026-7168.html", "name": "www"}, {"url": "https://hackerone.com/reports/3697719", "name": "issue"}], "credits": [{"lang": "en", "value": "Muhamad Arga Reksapati", "type": "finder"}, {"lang": "en", "value": "Daniel Stenberg", "type": "remediation developer"}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/04/29/14"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-05-13T09:05:54.907Z"}}]}}