VDB

GCVE-110-NCSC-2026-101

GCVE-110-NCSC-2026-101
Advisory PublishedCVSS 5.3/10
Vulnetix · Advisory published March 25, 2026
A vulnerability in libcurl versions 7.33.0 to 8.17.0 causes OAuth2 bearer tokens to be unintentionally leaked during cross-protocol redirects involving IMAP, LDAP, POP3, or SMTP schemes, potentially exposing sensitive information.

Weaknesses (CWE)

CWE-522Insufficiently Protected CredentialsCWE-125Out-of-bounds Read

Risk Scores

CVSS 3.1
5.3/10
Medium · CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersionsPlatforms
Applevers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›