PT-2026-43067 · Hackney · Hackney

Benoit Chesneau

+2

·

Published

2026-05-25

·

Updated

2026-06-26

·

CVE-2026-47070

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions benoitc hackney versions 3.1.1 through 4.0.0
Description A sensitive data exposure issue exists where the HTTP/3 redirect handler in src/hackney h3.erl passes original request headers to a redirect target without performing cross-origin checks. If a client makes an HTTP/3 request with follow redirect enabled and includes Authorization or Cookie headers, a server responding with a 3xx redirect to a different host will cause the client to forward these credentials verbatim to the new origin. This occurs because hackney h3.erl lacks the protection provided by the maybe strip auth on redirect() function found in the main hackney.erl module.
Recommendations Update to version 4.0.1.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-47070
GHSA-H73Q-4W9Q-82H4

Affected Products

Hackney