PT-2026-43067 · Hackney · Hackney
Benoit Chesneau
+2
·
Published
2026-05-25
·
Updated
2026-06-26
·
CVE-2026-47070
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
benoitc hackney versions 3.1.1 through 4.0.0
Description
A sensitive data exposure issue exists where the HTTP/3 redirect handler in
src/hackney h3.erl passes original request headers to a redirect target without performing cross-origin checks. If a client makes an HTTP/3 request with follow redirect enabled and includes Authorization or Cookie headers, a server responding with a 3xx redirect to a different host will cause the client to forward these credentials verbatim to the new origin. This occurs because hackney h3.erl lacks the protection provided by the maybe strip auth on redirect() function found in the main hackney.erl module.Recommendations
Update to version 4.0.1.
Exploit
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hackney