CVE-2026-6253
CVE Details
Visit the official vulnerability details page for CVE-2026-6253 to learn more.
Initial Publication
05/13/2026
Last Update
05/14/2026
Third Party Dependency
curl-minimal
NIST CVE Summary
curl might erroneously pass on credentials for a first proxy to a second proxy.
This can happen when the following conditions are true:
- curl is setup to use specific different proxies for different URL schemes
- the first proxy needs credentials
- the second proxy uses no credentials
- while using the first proxy (using say `http://`), curl is asked to follow a redirect to a URL using another scheme (say `https://`), accessed using a second, different, proxy
CVE Severity
Our Official Summary
Investigation is ongoing to determine how this vulnerability affects our products.
Status
Analyzed
Affected Products & Versions
| Version | PaletteAI | PaletteAI VerteX |
|---|---|---|
| 1.1.0 | ⚠️ Impacted | ⚠️ Impacted |
| 1.0.7 | ⚠️ Impacted | ⚠️ Impacted |
Revision History
No revisions available.