Description
When asking curl to use a `.netrc` file to find credentials and at the same time specifying a URL with a username(without a password), like `https://[email protected]/`, curl could wrongly get and use the password for *another* user set in the `.netrc` file for that host if such a one exists and there is no match for the specified user.
References (3)
Core 3
Core References
Scores
CVSS v3
9.1
EPSS
0.0061
EPSS Percentile
45.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-522
Status
published
Products (13)
curl/curl
8.11.1
curl/curl
8.12.0
curl/curl
8.12.1
curl/curl
8.13.0
curl/curl
8.14.0
curl/curl
8.14.1
curl/curl
8.15.0
curl/curl
8.16.0
curl/curl
8.17.0
curl/curl
8.18.0
... and 3 more
Published
Jul 03, 2026
Tracked Since
Jul 03, 2026