GHSA-f4cv-xm48-3694
A vulnerability in libcurl causes the library to fail to clear proxy authentication credentials when instructed, resulting in old credentials being reused for subsequent transfers that should not have access to them.
AI Analysis
Technical Summary
The libcurl library contains a flaw where the command to clear proxy authentication credentials does not function correctly. As a result, previous proxy credentials remain stored and are reused in later transfers that should not have access to those credentials. This behavior could lead to unintended credential exposure or misuse across different network transfers.
Potential Impact
The vulnerability may cause proxy authentication credentials to persist beyond their intended scope, potentially allowing unauthorized use of these credentials in subsequent network transfers. This could lead to credential leakage or unauthorized access if different transfers are expected to use separate credentials.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider avoiding scenarios where proxy authentication credentials need to be cleared or reused, or implement additional controls to isolate credential usage.
GHSA-f4cv-xm48-3694
Description
A vulnerability in libcurl causes the library to fail to clear proxy authentication credentials when instructed, resulting in old credentials being reused for subsequent transfers that should not have access to them.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The libcurl library contains a flaw where the command to clear proxy authentication credentials does not function correctly. As a result, previous proxy credentials remain stored and are reused in later transfers that should not have access to those credentials. This behavior could lead to unintended credential exposure or misuse across different network transfers.
Potential Impact
The vulnerability may cause proxy authentication credentials to persist beyond their intended scope, potentially allowing unauthorized use of these credentials in subsequent network transfers. This could lead to credential leakage or unauthorized access if different transfers are expected to use separate credentials.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider avoiding scenarios where proxy authentication credentials need to be cleared or reused, or implement additional controls to isolate credential usage.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-f4cv-xm48-3694
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-9079"]
- Ecosystems
- []
- Database Specific Severity
- null
- Cvss Version
- null
Threat ID: 6a483cb527e9c79719d820b7
Added to database: 07/03/2026, 22:50:29 UTC
Last enriched: 07/03/2026, 23:02:54 UTC
Last updated: 07/04/2026, 00:11:23 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.