Bug 2446450 (CVE-2026-3783) - CVE-2026-3783 curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect
Summary: CVE-2026-3783 curl: curl: Information disclosure via OAuth2 bearer token leak...
Keywords:
Status: NEW
Alias: CVE-2026-3783
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2446472 2446473 2446474 2446478 2446480 2446482 2446483 2446487 2446475 2446476 2446477 2446484 2446485 2446486
Blocks:
Reported: 2026-03-11 11:01 UTC by OSIDB Bzimport
Modified: 2026-03-11 12:12 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-03-11 11:01:24 UTC
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer
performs a redirect to a second URL, curl could leak that token to the second
hostname under some circumstances.

If the hostname that the first request is redirected to has information in the
used .netrc file, with either of the `machine` or `default` keywords, curl
would pass on the bearer token set for the first host also to the second one.
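The failure mode in the description is a credential-scoping decision made at redirect time: a .netrc `machine` or `default` match for the second hostname must not cause the bearer token issued for the first hostname to be forwarded. The following is an added model of that decision, not curl's source and not the project's fix. It assumes a hypothetical helper `headers_for_redirect()` with a `flawed` switch that reproduces the reported behaviour next to a conservative policy (a bearer token never crosses a host boundary; only credentials configured for the new host are used). The .netrc content and hostnames are constructed for the example.

```python
"""Model of the redirect credential-forwarding decision from the report.

Added illustration only: this is NOT curl's code. The 'flawed' branch models
the reported behaviour; the other branch models a conservative policy that
keeps a bearer token bound to the host it was set for.
"""
import base64
from typing import Dict, Optional
from urllib.parse import urlsplit


def parse_netrc(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal .netrc parser handling only machine/default/login/password.

    Returns {hostname or 'default': {'login': ..., 'password': ...}}.
    """
    entries: Dict[str, Dict[str, str]] = {}
    current: Optional[Dict[str, str]] = None
    tokens = text.split()
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "machine":
            current = entries.setdefault(tokens[i + 1], {})
            i += 2
        elif tok == "default":
            current = entries.setdefault("default", {})
            i += 1
        elif tok in ("login", "password") and current is not None:
            current[tok] = tokens[i + 1]
            i += 2
        else:
            i += 1  # ignore tokens this model does not need (e.g. account)
    return entries


def netrc_lookup(entries: Dict[str, Dict[str, str]], host: str) -> Optional[Dict[str, str]]:
    """A 'machine' entry wins; otherwise fall back to 'default' if present."""
    return entries.get(host) or entries.get("default")


def headers_for_redirect(first_url: str, redirect_url: str, bearer: str,
                         netrc_entries: Dict[str, Dict[str, str]],
                         flawed: bool = False) -> Optional[str]:
    """Return the Authorization header value (or None) for the redirected request."""
    first_host = urlsplit(first_url).hostname
    next_host = urlsplit(redirect_url).hostname
    creds = netrc_lookup(netrc_entries, next_host or "")
    if next_host == first_host:
        # Same host: the bearer token is still addressed to this server.
        return f"Bearer {bearer}"
    if flawed and creds is not None:
        # Reported behaviour: the .netrc match enables auth on the second
        # request, but the token from the first host is what gets sent.
        return f"Bearer {bearer}"
    if creds is not None:
        # Conservative policy: only credentials that belong to the new host.
        raw = f"{creds['login']}:{creds['password']}".encode()
        return "Basic " + base64.b64encode(raw).decode()
    # Cross-host redirect with nothing configured for the new host: no auth.
    return None


# Constructed sample data (hypothetical hosts and credentials).
SAMPLE_NETRC = "machine cdn.example.net login alice password s3cret\n"
FIRST = "https://api.example.com/resource"
REDIRECT = "https://cdn.example.net/blob"
TOKEN = "constructed-bearer-token"


def demo() -> Dict[str, Optional[str]]:
    entries = parse_netrc(SAMPLE_NETRC)
    return {
        "flawed": headers_for_redirect(FIRST, REDIRECT, TOKEN, entries, flawed=True),
        "fixed": headers_for_redirect(FIRST, REDIRECT, TOKEN, entries),
        "no_netrc": headers_for_redirect(FIRST, REDIRECT, TOKEN, {}),
        "same_host": headers_for_redirect(FIRST, FIRST + "/v2", TOKEN, entries),
    }


if __name__ == "__main__":
    for case, header in demo().items():
        print(f"{case:>10}: {header}")
```

The interesting comparison is `flawed` versus `fixed`: both see the same .netrc match for the redirect target, but only the flawed policy lets the first host's token leave its origin. A `default` entry triggers the same path, which is why the report names both keywords.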

