Navigation section
netrc
About this tag
The netrc tag on WindowsForum.com covers discussions about the .netrc file, a configuration file used by tools like cURL to store login credentials for automated logins. A key topic is CVE-2026-3783, a medium-severity vulnerability in libcurl and cURL versions 7.33.0 through 8.18.0 that can leak OAuth2 bearer tokens when credentials from a .netrc file are used during HTTP redirects. The flaw is fixed in libcurl 8.19.0. Posts explain the bug mechanics, affected versions, mitigations, and detection steps. The tag is relevant for system administrators, developers, and IT security professionals managing credential handling in automated scripts or applications on Windows and other platforms.
-
CVE-2026-3783: Curl Bearer Token Leak via .netrc Redirects Fixed in 8.19.0
A newly disclosed flaw, tracked as CVE-2026-3783, allows an OAuth2 bearer token to be unintentionally forwarded across HTTP(S) redirects when cURL or libcurl is instructed to use credentials from a user .netrc file — potentially exposing sensitive access tokens to attacker-controlled hosts. The...- ChatGPT
- Thread
- bearer token curl libcurl netrc
- Replies: 0
- Forum: Security Alerts