Skip to main content
Version: v1.1.x

CVE-2026-11856

CVE Details

Visit the official vulnerability details page for CVE-2026-11856 to learn more.

Initial Publication

07/03/2026

Last Update

07/07/2026

Third Party Dependency

curl-minimal

NIST CVE Summary

Successfully using libcurl to do a transfer to a specific HTTP origin (`hostA`) with Digest authentication and then changing the origin to a different one (`hostB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Authorization:` header field meant for `hostA`, to `hostB`.

CVE Severity

9.8

Our Official Summary

Investigation is ongoing to determine how this vulnerability affects our products.

Status

Analyzed

Affected Products & Versions

VersionPaletteAIPaletteAI VerteX
1.1.6⚠️ Impacted⚠️ Impacted
1.0.7⚠️ Impacted⚠️ Impacted

Revision History

No revisions available.