Privilege Esc Escalation: libcurl Fails to Clear Proxy Auth Credentials
CVE-2026-9079 Published on July 3, 2026
stale proxy password leak
libcurl had a flaw that when instructed to clear proxy authentication
credentials which made it not do so, leaving the old credentials around to get
used for subsequent transfers that should not know nor use them.
Products Associated with CVE-2026-9079
stack.watch emails you whenever new vulnerabilities are published in Canonical Ubuntu Linux or Haxx Curl. Just hit a watch button to start following.
Affected Versions
curl:- Version 8.20.0, <= 8.20.0 is affected.
- Version 8.19.0, <= 8.19.0 is affected.
- Version 8.18.0, <= 8.18.0 is affected.
- Version 8.17.0, <= 8.17.0 is affected.
- Version 8.16.0, <= 8.16.0 is affected.
- Version 8.15.0, <= 8.15.0 is affected.
- Version 8.14.1, <= 8.14.1 is affected.
- Version 8.14.0, <= 8.14.0 is affected.
- Version 8.13.0, <= 8.13.0 is affected.
- Version 8.12.1, <= 8.12.1 is affected.
- Version 8.12.0, <= 8.12.0 is affected.
- Version 8.11.1, <= 8.11.1 is affected.
- Version 8.11.0, <= 8.11.0 is affected.
- Version 8.10.1, <= 8.10.1 is affected.
- Version 8.10.0, <= 8.10.0 is affected.
- Version 8.9.1, <= 8.9.1 is affected.
- Version 8.9.0, <= 8.9.0 is affected.
- Version 8.8.0, <= 8.8.0 is affected.