CVE-2026-6276

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Using libcurl, when a custom Host: header is first set for an HTTP request and a second request is subsequently done using the same easy handle but without the custom Host: header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-346

Related Identifiers

CVE-2026-6276

Affected Products

Curl

CVE-2026-6276

Weakness Enumeration

Related Identifiers

Affected Products

References · 2