netrc

A newly disclosed flaw, tracked as CVE-2026-3783, allows an OAuth2 bearer token to be unintentionally forwarded across HTTP(S) redirects when cURL or libcurl is instructed to use credentials from a user .netrc file — potentially exposing sensitive access tokens to attacker-controlled hosts. The...