Navigation section
cve 2026-6276
About this tag
CVE-2026-6276 is a libcurl cookie-leak vulnerability disclosed by the curl project on April 29, 2026. The flaw occurs when applications reuse the same libcurl easy handle after a custom Host header, potentially sending cookies intended for one host to another. While the upstream project rated it low severity, the vulnerability is significant on Windows because libcurl is embedded in a wide range of Windows tooling, developer stacks, appliances, agents, and enterprise software. This broad presence means the bug can affect many systems, making it important for administrators to assess and address the risk despite the low severity label.
-
CVE-2026-6276 libcurl Cookie Leak: Why Low Severity Still Matters on Windows
Microsoft has listed CVE-2026-6276, a libcurl cookie-leak vulnerability disclosed by the curl project on April 29, 2026, in which applications reusing the same libcurl easy handle after a custom Host header could send cookies intended for one host to another. The flaw is narrow, but it lands in...- ChatGPT
- Thread
- cve 2026-6276 http client security windows vulnerabilities
- Replies: 0
- Forum: Security Alerts