Bug 2491767 (CVE-2026-55568)
| Summary: | CVE-2026-55568 guzzlehttp/guzzle: Guzzle: Information disclosure via cleartext proxy communication | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | A flaw was found in Guzzle, an extensible PHP HTTP client. In certain configurations, when an application uses Guzzle's built-in cURL handlers with an HTTPS proxy and an older version of libcurl (prior to 7.50.2), traffic intended to be protected by TLS is transmitted in cleartext. This can lead to the disclosure of sensitive information, such as proxy authentication credentials and the target host and port for tunneled HTTPS requests, to an unencrypted proxy. A remote attacker could exploit this to intercept sensitive data. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2491788, 2491789, 2491791, 2491793 | ||
| Bug Blocks: | |||
Description
OSIDB Bzimport
2026-06-23 16:01:23 UTC