Description
A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. The documentation states that passing NULL to `CURLOPT_REFERER` suppresses the header, but the option failed to clear the internal state. As a result, the previous referrer string was erroneously reused and sent in subsequent requests, potentially leaking sensitive information to unintended servers.
References (3)
Scores
EPSS: 0.0021
EPSS Percentile: 10.8%
Details
Status: published
Products (3):
curl/curl 8.18.0
curl/curl 8.19.0
curl/curl 8.20.0
Published: Jul 03, 2026
Tracked Since: Jul 03, 2026