VDB
GCVE-110-NCSC-2026-101
GCVE-110-NCSC-2026-101
Advisory PublishedCVSS 5.3/10
A vulnerability in libcurl versions 7.33.0 to 8.17.0 causes OAuth2 bearer tokens to be unintentionally leaked during cross-protocol redirects involving IMAP, LDAP, POP3, or SMTP schemes, potentially exposing sensitive information.
Weaknesses (CWE)
CWE-522Insufficiently Protected CredentialsCWE-125Out-of-bounds Read
Risk Scores
CVSS 3.1
5.3/10
Medium · CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Apple | vers:unknown/* | — | — |
Aliases
CVE-2025-14524CVE-2025-43376CVE-2025-43534CVE-2025-64505CVE-2026-20657CVE-2026-20665CVE-2026-20668CVE-2026-20687CVE-2026-20688CVE-2026-20690CVE-2026-20691CVE-2026-20692CVE-2026-20698CVE-2026-28822CVE-2026-28833CVE-2026-28852CVE-2026-28856CVE-2026-28857CVE-2026-28858CVE-2026-28859CVE-2026-28861CVE-2026-28863CVE-2026-28864CVE-2026-28865CVE-2026-28866CVE-2026-28867CVE-2026-28868CVE-2026-28870CVE-2026-28871CVE-2026-28874CVE-2026-28875CVE-2026-28876CVE-2026-28877CVE-2026-28878CVE-2026-28879CVE-2026-28880CVE-2026-28882CVE-2026-28886CVE-2026-28894CVE-2026-28895
References
Browse GCVE Records
73,738 records in the GCVE database · Updated July 19, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.