CVE-2026-3783

medium

Red Hat

CVSS v3 Base Score

5.7

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Published: March 11, 2026

Last Modified: March 11, 2026

Vendor: Red Hat

Source: REDHAT

Description

A flaw was found in curl. When an OAuth2 bearer token is used for an HTTP(S) transfer that redirects to a second URL, curl could unintentionally leak the token. This occurs if the second hostname has entries in the `.netrc` file, allowing the bearer token intended for the first host to be sent to the redirected host. This information disclosure could allow an attacker to gain unauthorized access.

CWE

CWE-201

Affected Products

Confidential Compute AttestationLogging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat JBoss Core ServicesRed Hat OpenShift Container Platform 4

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 www.openwall.com 🔗 curl.se

CVE-2026-3783

Vulnerability Report

Description

CWE

Affected Products

References