Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-9546— sending old referer

AI Predicted 5.3 Difficulty: Moderate EPSS 0.65% · P47

Possible ATT&CK Techniques 1AI

T1041 · Exfiltration Over C2 Channel

Affected Version Matrix 3

VendorProductVersion RangeStatus
curlcurl8.20.0≤ 8.20.0affected
8.19.0≤ 8.19.0affected
8.18.0≤ 8.18.0affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-9546

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
sending old referer
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation states that passing NULL to `CURLOPT_REFERER` suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously reused and sent in subsequent requests, potentially leaking sensitive information to unintended servers.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
curl 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
curl是瑞典cURL团队开源的一款用于从服务器传输数据或向服务器传输数据的工具。 curl存在信息泄露漏洞,该漏洞源于libcurl中HTTP `Referer:`标头在明确清除时仍会持久化,当传递NULL给`CURLOPT_REFERER`时未能清除内部状态,导致前一referrer字符串错误地被重用并在后续请求中发送,可能将敏感信息泄露给非预期的服务器。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
curlcurl 8.20.0 ~ 8.20.0 -

II. Public POCs for CVE-2026-9546

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-9546

登录查看更多情报信息。

Vendor Advisories for CVE-2026-9546 (1)

Other References for CVE-2026-9546 (2)

Same Patch Batch · curl · 2026-07-03 · 18 CVEs total

CVE-2026-10536HTTP/2 stream-dependency tree UAF
CVE-2026-8932incomplete mTLS config matching in conn reuse
CVE-2026-8458wrong reuse for different services
CVE-2026-8925SASL double-free
CVE-2026-8286wrong STARTTLS connection reuse
CVE-2026-8927env-set cross-proxy Digest auth state leak
CVE-2026-8926password leak with netrc and user in URL
CVE-2026-8924trailing dot domain super cookie
CVE-2026-12064proto-default skips SSH verification
CVE-2026-11352QUIC zero-length UDP datagrams busy-loop
CVE-2026-9545exposing HTTP/3 early data
CVE-2026-9080UAF after pause in socket callback
CVE-2026-9547SSH improper host validation
CVE-2026-9079stale proxy password leak
CVE-2026-11564Native CA trust persist
CVE-2026-11856cross-origin Digest auth state leak
CVE-2026-11586WS Auto-PONG memory exhaustion

IV. Related Vulnerabilities

V. Comments for CVE-2026-9546

No comments yet


Leave a comment