CVE-2026-11856
CVE Details
Visit the official vulnerability details page for CVE-2026-11856 to learn more.
Initial Publication
07/03/2026
Last Update
07/07/2026
Third Party Dependency
curl-minimal
NIST CVE Summary
Successfully using libcurl to do a transfer to a specific HTTP origin (`hostA`) with Digest authentication and then changing the origin to a different one (`hostB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Authorization:` header field meant for `hostA`, to `hostB`.
CVE Severity
Our Official Summary
Investigation is ongoing to determine how this vulnerability affects our products.
Status
Analyzed
Affected Products & Versions
| Version | PaletteAI | PaletteAI VerteX |
|---|---|---|
| 1.1.6 | ⚠️ Impacted | ⚠️ Impacted |
| 1.0.7 | ⚠️ Impacted | ⚠️ Impacted |
Revision History
No revisions available.