CVE-2026-3783

Publication date 11 March 2026

Last updated 13 March 2026

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

5.3 · Medium

Score breakdown

Description

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl cwould leak that token to the second hostname under some circumstances.

Read the notes from the security team

Status

Package Ubuntu Release Status
curl 25.10 questing
Fixed 8.14.1-2ubuntu1.2
24.04 LTS noble
Fixed 8.5.0-2ubuntu10.8
22.04 LTS jammy
Fixed 7.81.0-1ubuntu1.23
20.04 LTS focal
Vulnerable
18.04 LTS bionic
Not affected
16.04 LTS xenial
Not affected
14.04 LTS trusty
Not affected

Notes

john-breton

The HTTP Bearer authentication feature was not added into cURL until 7.61.0. Anything older than that is not vulnerable.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
curl

Severity score breakdown

Parameter Value
Base score 5.3 · Medium
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality Low
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

Related Ubuntu Security Notices (USN)

Other references

Access our resources on patching vulnerabilities