CVE-2026-20698
PUBLISHED
CVSS 5.5 MEDIUM
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.
EPSS 0.01% · 0.3th percentile
Risk Scores
CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
0.01%
0.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| curl | curl | 7.86.0, 7.36.0, 7.35.0 |
| apple | macos | 26.0 |
| apple | watchos | 0 |
| Apple | iOS and iPadOS | 0 |
| Apple | tvOS | 0 |
| apple | ipados | 0 |
| Apple | watchOS | 0 |
| apple | tvos | 0 |
| apple | iphone_os | 0 |
| Apple | macOS | 0 |
| Apple | visionOS | 0 |
| apple | visionos | 0 |
Exploit Intelligence
- CVE-2026-20698: XNU kernel heap overflow via PF_ROUTE RTA_GENMASK. PoC and analysis. Independently discovered. (github-poc-repo)
- CVE-2026-20698: XNU kernel heap overflow via PF_ROUTE RTA_GENMASK. PoC and analysis. Independently discovered. (github-poc)
- http://www.openwall.com/lists/oss-security/2026/01/07/4 (circl)
- json (circl)
…and 209 more exploits
Timeline
- Oct 5, 2023 PoC Published
- Apr 28, 2025 PoC Published
- Oct 11, 2025 PoC Published
- Oct 12, 2025 PoC Published
- Oct 16, 2025 PoC Published
- Oct 17, 2025 PoC Published
- Oct 17, 2025 PoC Published
- Oct 21, 2025 PoC Published
- Oct 24, 2025 PoC Published
- Oct 24, 2025 PoC Published
- Oct 24, 2025 PoC Published
- Oct 24, 2025 PoC Published
References
- https://support.apple.com/en-us/126792 url
- https://support.apple.com/en-us/126794 url
- https://support.apple.com/en-us/126797 url
- https://support.apple.com/en-us/126798 url
- https://support.apple.com/en-us/126799 url
- https://support.apple.com/en-us/126793 advisory
- https://support.apple.com/en-us/126800 advisory
- https://support.apple.com/en-us/126796 advisory
- https://support.apple.com/en-us/126795 advisory
- https://support.apple.com/en-us/126801 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-20698 advisory
- json url
- www url
- issue url
- http://www.openwall.com/lists/oss-security/2026/01/07/4 url