Version: v1.1.x

CVE-2026-7168

CVE Details

Visit the official vulnerability details page for CVE-2026-7168 to learn more.

Initial Publication

05/13/2026

Last Update

05/14/2026

Third Party Dependency

curl-minimal

NIST CVE Summary

Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with Digest authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Proxy-Authorization:` header field meant for `proxyA`, to `proxyB`.

CVE Severity

5.3

Our Official Summary

Investigation is ongoing to determine how this vulnerability affects our products.

Status

Analyzed

Affected Products & Versions

Version	PaletteAI	PaletteAI VerteX
1.1.1	⚠️ Impacted	⚠️ Impacted
1.0.7	⚠️ Impacted	⚠️ Impacted

Revision History

No revisions available.

CVE Details​

Initial Publication​

Last Update​

Third Party Dependency​

NIST CVE Summary​

CVE Severity​

Our Official Summary​

Status​

Affected Products & Versions​

Revision History​