UBUNTU-CVE-2026-6253

Source
https://ubuntu.com/security/CVE-2026-6253
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6253.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-6253
Upstream
  • CVE-2026-6253
Downstream
Related
Published
2026-04-29T14:00:00Z
Modified
2026-05-20T22:03:10.106770050Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Ubuntu - medium
Summary
[none]
Details

curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true:

1. curl is set up to use specific different proxies for different URL schemes
2. the first proxy needs credentials
3. the second proxy uses no credentials
4. while using the first proxy (using say http://), curl is asked to follow a redirect to a URL using another scheme (say https://), accessed using a second, different, proxy

References

Affected packages

Ubuntu:22.04:LTS
curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7.81.0-1ubuntu1.24

Affected versions

7.*
7.74.0-1.3ubuntu2
7.74.0-1.3ubuntu3
7.80.0-3
7.81.0-1
7.81.0-1ubuntu1.1
7.81.0-1ubuntu1.2
7.81.0-1ubuntu1.3
7.81.0-1ubuntu1.4
7.81.0-1ubuntu1.6
7.81.0-1ubuntu1.7
7.81.0-1ubuntu1.8
7.81.0-1ubuntu1.10
7.81.0-1ubuntu1.11
7.81.0-1ubuntu1.13
7.81.0-1ubuntu1.14
7.81.0-1ubuntu1.15
7.81.0-1ubuntu1.16
7.81.0-1ubuntu1.17
7.81.0-1ubuntu1.18
7.81.0-1ubuntu1.19
7.81.0-1ubuntu1.20
7.81.0-1ubuntu1.21
7.81.0-1ubuntu1.22
7.81.0-1ubuntu1.23

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "7.81.0-1ubuntu1.24",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.24",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.24",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.81.0-1ubuntu1.24",
            "binary_name": "libcurl4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6253.json"

Ubuntu:24.04:LTS
curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.5.0-2ubuntu10.9

Affected versions

8.*
8.2.1-1ubuntu3
8.2.1-1ubuntu3.1
8.4.0-2ubuntu1
8.5.0-2ubuntu1
8.5.0-2ubuntu2
8.5.0-2ubuntu8
8.5.0-2ubuntu9
8.5.0-2ubuntu10
8.5.0-2ubuntu10.1
8.5.0-2ubuntu10.2
8.5.0-2ubuntu10.3
8.5.0-2ubuntu10.4
8.5.0-2ubuntu10.5
8.5.0-2ubuntu10.6
8.5.0-2ubuntu10.7
8.5.0-2ubuntu10.8

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "8.5.0-2ubuntu10.9",
            "binary_name": "curl"
        },
        {
            "binary_version": "8.5.0-2ubuntu10.9",
            "binary_name": "libcurl3t64-gnutls"
        },
        {
            "binary_version": "8.5.0-2ubuntu10.9",
            "binary_name": "libcurl4t64"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6253.json"

Ubuntu:25.10
curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.14.1-2ubuntu1.3

Affected versions

8.*
8.12.1-3ubuntu1
8.13.0-5ubuntu1
8.14.1-1ubuntu2
8.14.1-1ubuntu3
8.14.1-2ubuntu1
8.14.1-2ubuntu1.1
8.14.1-2ubuntu1.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "8.14.1-2ubuntu1.3",
            "binary_name": "curl"
        },
        {
            "binary_version": "8.14.1-2ubuntu1.3",
            "binary_name": "libcurl3t64-gnutls"
        },
        {
            "binary_version": "8.14.1-2ubuntu1.3",
            "binary_name": "libcurl4t64"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6253.json"

Ubuntu:26.04:LTS
curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.18.0-1ubuntu2.1

Affected versions

8.*
8.14.1-2ubuntu1
8.17.0-1ubuntu1
8.18.0-1ubuntu1
8.18.0-1ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "8.18.0-1ubuntu2.1",
            "binary_name": "curl"
        },
        {
            "binary_version": "8.18.0-1ubuntu2.1",
            "binary_name": "libcurl3t64-gnutls"
        },
        {
            "binary_version": "8.18.0-1ubuntu2.1",
            "binary_name": "libcurl4t64"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6253.json"

Ubuntu:Pro:14.04:LTS
curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=source&distro=esm-infra-legacy%2Ftrusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

7.*
7.32.0-1ubuntu1
7.33.0-1ubuntu1
7.34.0-1ubuntu1
7.35.0-1ubuntu1
7.35.0-1ubuntu2
7.35.0-1ubuntu2.1
7.35.0-1ubuntu2.2
7.35.0-1ubuntu2.3
7.35.0-1ubuntu2.5
7.35.0-1ubuntu2.6
7.35.0-1ubuntu2.7
7.35.0-1ubuntu2.8
7.35.0-1ubuntu2.9
7.35.0-1ubuntu2.10
7.35.0-1ubuntu2.11
7.35.0-1ubuntu2.12
7.35.0-1ubuntu2.13
7.35.0-1ubuntu2.14
7.35.0-1ubuntu2.15
7.35.0-1ubuntu2.16
7.35.0-1ubuntu2.17
7.35.0-1ubuntu2.19
7.35.0-1ubuntu2.20
7.35.0-1ubuntu2.20+esm2
7.35.0-1ubuntu2.20+esm3
7.35.0-1ubuntu2.20+esm4
7.35.0-1ubuntu2.20+esm5
7.35.0-1ubuntu2.20+esm6
7.35.0-1ubuntu2.20+esm7
7.35.0-1ubuntu2.20+esm8
7.35.0-1ubuntu2.20+esm9
7.35.0-1ubuntu2.20+esm10
7.35.0-1ubuntu2.20+esm11
7.35.0-1ubuntu2.20+esm12
7.35.0-1ubuntu2.20+esm13
7.35.0-1ubuntu2.20+esm14
7.35.0-1ubuntu2.20+esm15
7.35.0-1ubuntu2.20+esm16
7.35.0-1ubuntu2.20+esm17
7.35.0-1ubuntu2.20+esm18
7.35.0-1ubuntu2.20+esm19

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm19",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm19",
            "binary_name": "libcurl3"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm19",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.35.0-1ubuntu2.20+esm19",
            "binary_name": "libcurl3-nss"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6253.json"

Ubuntu:Pro:16.04:LTS
curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=source&distro=esm-infra%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

7.*
7.43.0-1ubuntu2
7.45.0-1ubuntu1
7.46.0-1ubuntu1
7.47.0-1ubuntu1
7.47.0-1ubuntu2
7.47.0-1ubuntu2.1
7.47.0-1ubuntu2.2
7.47.0-1ubuntu2.3
7.47.0-1ubuntu2.4
7.47.0-1ubuntu2.5
7.47.0-1ubuntu2.6
7.47.0-1ubuntu2.7
7.47.0-1ubuntu2.8
7.47.0-1ubuntu2.9
7.47.0-1ubuntu2.11
7.47.0-1ubuntu2.12
7.47.0-1ubuntu2.13
7.47.0-1ubuntu2.14
7.47.0-1ubuntu2.15
7.47.0-1ubuntu2.16
7.47.0-1ubuntu2.18
7.47.0-1ubuntu2.19
7.47.0-1ubuntu2.19+esm1
7.47.0-1ubuntu2.19+esm2
7.47.0-1ubuntu2.19+esm3
7.47.0-1ubuntu2.19+esm4
7.47.0-1ubuntu2.19+esm5
7.47.0-1ubuntu2.19+esm6
7.47.0-1ubuntu2.19+esm7
7.47.0-1ubuntu2.19+esm8
7.47.0-1ubuntu2.19+esm9
7.47.0-1ubuntu2.19+esm10
7.47.0-1ubuntu2.19+esm11
7.47.0-1ubuntu2.19+esm12
7.47.0-1ubuntu2.19+esm13
7.47.0-1ubuntu2.19+esm15

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm15",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm15",
            "binary_name": "libcurl3"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm15",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.47.0-1ubuntu2.19+esm15",
            "binary_name": "libcurl3-nss"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6253.json"

Ubuntu:Pro:18.04:LTS
curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=source&distro=esm-infra%2Fbionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

7.*
7.55.1-1ubuntu2
7.55.1-1ubuntu2.1
7.57.0-1ubuntu1
7.58.0-2ubuntu1
7.58.0-2ubuntu2
7.58.0-2ubuntu3
7.58.0-2ubuntu3.1
7.58.0-2ubuntu3.2
7.58.0-2ubuntu3.3
7.58.0-2ubuntu3.5
7.58.0-2ubuntu3.6
7.58.0-2ubuntu3.7
7.58.0-2ubuntu3.8
7.58.0-2ubuntu3.9
7.58.0-2ubuntu3.10
7.58.0-2ubuntu3.12
7.58.0-2ubuntu3.13
7.58.0-2ubuntu3.14
7.58.0-2ubuntu3.15
7.58.0-2ubuntu3.16
7.58.0-2ubuntu3.17
7.58.0-2ubuntu3.18
7.58.0-2ubuntu3.19
7.58.0-2ubuntu3.20
7.58.0-2ubuntu3.21
7.58.0-2ubuntu3.22
7.58.0-2ubuntu3.23
7.58.0-2ubuntu3.24
7.58.0-2ubuntu3.24+esm1
7.58.0-2ubuntu3.24+esm2
7.58.0-2ubuntu3.24+esm3
7.58.0-2ubuntu3.24+esm4
7.58.0-2ubuntu3.24+esm5
7.58.0-2ubuntu3.24+esm7
7.58.0-2ubuntu3.24+esm8

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "7.58.0-2ubuntu3.24+esm8",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24+esm8",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24+esm8",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.58.0-2ubuntu3.24+esm8",
            "binary_name": "libcurl4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6253.json"

Ubuntu:Pro:20.04:LTS
curl

Package

Name
curl
Purl
pkg:deb/ubuntu/curl?arch=source&distro=esm-infra%2Ffocal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

7.*
7.65.3-1ubuntu3
7.65.3-1ubuntu4
7.66.0-1ubuntu1
7.67.0-2ubuntu1
7.68.0-1ubuntu1
7.68.0-1ubuntu2
7.68.0-1ubuntu2.1
7.68.0-1ubuntu2.2
7.68.0-1ubuntu2.4
7.68.0-1ubuntu2.5
7.68.0-1ubuntu2.6
7.68.0-1ubuntu2.7
7.68.0-1ubuntu2.10
7.68.0-1ubuntu2.11
7.68.0-1ubuntu2.12
7.68.0-1ubuntu2.13
7.68.0-1ubuntu2.14
7.68.0-1ubuntu2.15
7.68.0-1ubuntu2.16
7.68.0-1ubuntu2.18
7.68.0-1ubuntu2.19
7.68.0-1ubuntu2.20
7.68.0-1ubuntu2.21
7.68.0-1ubuntu2.22
7.68.0-1ubuntu2.23
7.68.0-1ubuntu2.24
7.68.0-1ubuntu2.25
7.68.0-1ubuntu2.25+esm2
7.68.0-1ubuntu2.25+esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "7.68.0-1ubuntu2.25+esm3",
            "binary_name": "curl"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.25+esm3",
            "binary_name": "libcurl3-gnutls"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.25+esm3",
            "binary_name": "libcurl3-nss"
        },
        {
            "binary_version": "7.68.0-1ubuntu2.25+esm3",
            "binary_name": "libcurl4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6253.json"