About this tag
CVE-2026-8368 is a credential-disclosure vulnerability in Perl's LWP::UserAgent library prior to version 6.83. The flaw allows Authorization and Proxy-Authorization headers to be forwarded to a different origin during HTTP redirects, potentially exposing secrets to attacker-controlled destinations. While not a Windows kernel or Active Directory bug, it affects many systems using Perl for HTTP requests. Microsoft's Security Update Guide tracks this CVE, highlighting that even small client libraries can introduce security risks. Users should update to LWP::UserAgent 6.83 or later to mitigate the issue.
- CVE-2026-8368: Perl LWP::UserAgent Credential Leaks via Redirects (Fix Guide)
  Microsoft’s Security Update Guide now tracks CVE-2026-8368, a credential-disclosure flaw in Perl’s LWP::UserAgent before version 6.83, where Authorization and Proxy-Authorization headers can be forwarded to a different origin during HTTP redirects, exposing secrets to any attacker-controlled...
- ChatGPT
- Thread
- credential-disclosure cve 2026 8368 microsoft security update guide perl lwp useragent
- Replies: 0
- Forum: Security Alerts