curl: Digest Auth Bypass via Proxy Capture-Replay (CVE-2026-7168) Advisory

漏洞概述 漏洞ID: CVE-2026-7168 漏洞名称: curl: Authentication Bypass by Capture-replay 漏洞描述: 成功利用libcurl通过特定HTTP代理（proxy1）进行传输，使用Digest认证，然后更改代理主机到第二个代理（proxy2）进行第二次传输，重用同一个句柄，导致libcurl错误地将 头字段从proxy1传递到proxy2。 修改时间: 2026-04-29T07:48:41.002Z 数据库特定信息: - 包: curl - 影响: lib - URL: https://curl.se/docs/CVE-2026-7168.json - WWW: https://curl.se/docs/CVE-2026-7168.html - 来源: https://hackerone.com/reports/3007759 - CWE: CWE-294 - 描述: Authentication Bypass by Capture-replay - 严重程度: Medium 影响范围 受影响版本: - SEMVER: 7.12.0 - GIT: fcd6ff1b30416cafeef2f2d73a3239e074a04216 - 其他版本: 8.19.0, 8.18.0, 8.17.0, 8.16.0, 8.15.0, 8.14.1, 8.14.0, 8.13.0, 8.12.1, 8.12.0, 8.11.1, 8.11.0, 8.10.1, 8.10.0, 8.9.1, 8.9.0, 8.8.0, 8.7.1, 8.7.0, 8.6.0, 8.5.0, 8.4.0, 8.3.0, 8.2.1, 8.2.0, 8.1.1, 8.1.0, 8.0.1, 8.0.0, 7.88.1, 7.88.0, 7.87.0, 7.86.0, 7.85.0, 7.84.0, 7.83.1, 7.83.0, 7.82.0, 7.81.0, 7.80.0, 7.79.1, 7.78.0, 7.78.0, 7.77.0, 7.76.1, 7.76.0, 7.75.0, 7.74.0, 7.73.0, 7.72.1, 7.71.1, 7.71.0, 7.70.0, 7.69.1, 7.69.0, 7.68.0, 7.67.0, 7.66.0, 7.65.3, 7.65.2, 7.65.1, 7.65.0, 7.64.1, 7.64.0, 7.63.0, 7.62.0, 7.61.1, 7.61.0, 7.59.0, 7.58.0, 7.57.0, 7.56.1, 7.56.0, 7.55.1, 7.55.0, 7.54.1, 7.54.0, 7.53.1, 7.53.0, 7.52.1, 7.52.0, 7.51.0, 7.50.3, 7.50.2, 7.50.1, 7.50.0, 7.49.1, 7.49.0, 7.48.0, 7.47.1, 7.47.0, 7.46.0, 7.45.0, 7.44.0, 7.43.0, 7.42.1, 7.41.0, 7.40.0, 7.39.0, 7.38.0, 7.37.1, 7.37.0, 7.36.0, 7.35.0, 7.34.0, 7.33.0, 7.32.0, 7.31.0, 7.30.0, 7.29.0, 7.28.1, 7.28.0, 7.27.0, 7.26.0, 7.25.0, 7.24.0, 7.23.1, 7.23.0, 7.22.0, 7.21.1, 7.21.0, 7.20.1, 7.20.0, 7.19.7, 7.19.6, 7.19.5, 7.19.4, 7.19.3, 7.19.2, 7.19.1, 7.18.1, 7.18.0, 7.17.1, 7.17.0, 7.16.4, 7.16.3, 7.16.2, 7.16.1, 7.16.0, 7.15.5, 7.15.4, 7.15.3, 7.15.2, 7.15.1, 7.15.0, 7.14.1, 7.14.0, 7.13.2, 7.13.1, 7.13.0, 7.12.3, 7.12.2, 7.12.1, 7.12.0 修复方案 修复版本: - SEMVER: 8.20.0 - GIT: 1c1cf59aca8f504c45784c5f6cd7c894507 贡献者 发现者: Muhammad Arga Reksapati 修复开发者: Daniel Stenberg 详细信息 详情: Successfully using libcurl to do a transfer over a specific HTTP proxy1/proxy1) with Digest authentication and then changing the proxy host to the second one (proxy2) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the header field meant for proxy1, to proxy2.

目標達成 すべての支援者に感謝 — 100%達成しました！

curl: Digest Auth Bypass via Proxy Capture-Replay (CVE-2026-7168) Advisory

目標達成すべての支援者に感謝 — 100%達成しました！