HomeDefault status
unaffected
8.17.0 (semver)
affected
8.16.0 (semver)
affected
8.15.0 (semver)
affected
8.14.1 (semver)
affected
8.14.0 (semver)
affected
8.13.0 (semver)
affected
8.12.1 (semver)
affected
8.12.0 (semver)
affected
8.11.1 (semver)
affected
8.11.0 (semver)
affected
8.10.1 (semver)
affected
8.10.0 (semver)
affected
8.9.1 (semver)
affected
8.9.0 (semver)
affected
8.8.0 (semver)
affected
8.7.1 (semver)
affected
8.7.0 (semver)
affected
8.6.0 (semver)
affected
8.5.0 (semver)
affected
8.4.0 (semver)
affected
8.3.0 (semver)
affected
8.2.1 (semver)
affected
8.2.0 (semver)
affected
8.1.2 (semver)
affected
8.1.1 (semver)
affected
8.1.0 (semver)
affected
8.0.1 (semver)
affected
8.0.0 (semver)
affected
7.88.1 (semver)
affected
7.88.0 (semver)
affected
7.87.0 (semver)
affected
7.86.0 (semver)
affected
7.85.0 (semver)
affected
7.84.0 (semver)
affected
7.83.1 (semver)
affected
7.83.0 (semver)
affected
7.82.0 (semver)
affected
7.81.0 (semver)
affected
7.80.0 (semver)
affected
7.79.1 (semver)
affected
7.79.0 (semver)
affected
7.78.0 (semver)
affected
7.77.0 (semver)
affected
7.76.1 (semver)
affected
7.76.0 (semver)
affected
7.75.0 (semver)
affected
7.74.0 (semver)
affected
7.73.0 (semver)
affected
7.72.0 (semver)
affected
7.71.1 (semver)
affected
7.71.0 (semver)
affected
7.70.0 (semver)
affected
7.69.1 (semver)
affected
7.69.0 (semver)
affected
7.68.0 (semver)
affected
7.67.0 (semver)
affected
7.66.0 (semver)
affected
7.65.3 (semver)
affected
7.65.2 (semver)
affected
7.65.1 (semver)
affected
7.65.0 (semver)
affected
7.64.1 (semver)
affected
7.64.0 (semver)
affected
7.63.0 (semver)
affected
7.62.0 (semver)
affected
7.61.1 (semver)
affected
7.61.0 (semver)
affected
7.60.0 (semver)
affected
7.59.0 (semver)
affected
7.58.0 (semver)
affected
7.57.0 (semver)
affected
7.56.1 (semver)
affected
7.56.0 (semver)
affected
7.55.1 (semver)
affected
7.55.0 (semver)
affected
7.54.1 (semver)
affected
7.54.0 (semver)
affected
7.53.1 (semver)
affected
7.53.0 (semver)
affected
7.52.1 (semver)
affected
7.52.0 (semver)
affected
7.51.0 (semver)
affected
7.50.3 (semver)
affected
7.50.2 (semver)
affected
7.50.1 (semver)
affected
7.50.0 (semver)
affected
7.49.1 (semver)
affected
7.49.0 (semver)
affected
7.48.0 (semver)
affected
7.47.1 (semver)
affected
7.47.0 (semver)
affected
7.46.0 (semver)
affected
7.45.0 (semver)
affected
7.44.0 (semver)
affected
7.43.0 (semver)
affected
7.42.1 (semver)
affected
7.42.0 (semver)
affected
7.41.0 (semver)
affected
7.40.0 (semver)
affected
7.39.0 (semver)
affected
7.38.0 (semver)
affected
7.37.1 (semver)
affected
7.37.0 (semver)
affected
7.36.0 (semver)
affected
7.35.0 (semver)
affected
7.34.0 (semver)
affected
7.33.0 (semver)
affected
Description
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.
Problem types
CWE-522 Insufficiently Protected Credentials
Product status
8.17.0 (semver)
8.16.0 (semver)
8.15.0 (semver)
8.14.1 (semver)
8.14.0 (semver)
8.13.0 (semver)
8.12.1 (semver)
8.12.0 (semver)
8.11.1 (semver)
8.11.0 (semver)
8.10.1 (semver)
8.10.0 (semver)
8.9.1 (semver)
8.9.0 (semver)
8.8.0 (semver)
8.7.1 (semver)
8.7.0 (semver)
8.6.0 (semver)
8.5.0 (semver)
8.4.0 (semver)
8.3.0 (semver)
8.2.1 (semver)
8.2.0 (semver)
8.1.2 (semver)
8.1.1 (semver)
8.1.0 (semver)
8.0.1 (semver)
8.0.0 (semver)
7.88.1 (semver)
7.88.0 (semver)
7.87.0 (semver)
7.86.0 (semver)
7.85.0 (semver)
7.84.0 (semver)
7.83.1 (semver)
7.83.0 (semver)
7.82.0 (semver)
7.81.0 (semver)
7.80.0 (semver)
7.79.1 (semver)
7.79.0 (semver)
7.78.0 (semver)
7.77.0 (semver)
7.76.1 (semver)
7.76.0 (semver)
7.75.0 (semver)
7.74.0 (semver)
7.73.0 (semver)
7.72.0 (semver)
7.71.1 (semver)
7.71.0 (semver)
7.70.0 (semver)
7.69.1 (semver)
7.69.0 (semver)
7.68.0 (semver)
7.67.0 (semver)
7.66.0 (semver)
7.65.3 (semver)
7.65.2 (semver)
7.65.1 (semver)
7.65.0 (semver)
7.64.1 (semver)
7.64.0 (semver)
7.63.0 (semver)
7.62.0 (semver)
7.61.1 (semver)
7.61.0 (semver)
7.60.0 (semver)
7.59.0 (semver)
7.58.0 (semver)
7.57.0 (semver)
7.56.1 (semver)
7.56.0 (semver)
7.55.1 (semver)
7.55.0 (semver)
7.54.1 (semver)
7.54.0 (semver)
7.53.1 (semver)
7.53.0 (semver)
7.52.1 (semver)
7.52.0 (semver)
7.51.0 (semver)
7.50.3 (semver)
7.50.2 (semver)
7.50.1 (semver)
7.50.0 (semver)
7.49.1 (semver)
7.49.0 (semver)
7.48.0 (semver)
7.47.1 (semver)
7.47.0 (semver)
7.46.0 (semver)
7.45.0 (semver)
7.44.0 (semver)
7.43.0 (semver)
7.42.1 (semver)
7.42.0 (semver)
7.41.0 (semver)
7.40.0 (semver)
7.39.0 (semver)
7.38.0 (semver)
7.37.1 (semver)
7.37.0 (semver)
7.36.0 (semver)
7.35.0 (semver)
7.34.0 (semver)
7.33.0 (semver)
Credits
anonymous237 on hackerone
Daniel Stenberg
References
www.openwall.com/lists/oss-security/2026/01/07/4
curl.se/docs/CVE-2025-14524.json (json)
curl.se/docs/CVE-2025-14524.html (www)
hackerone.com/reports/3459417 (issue)