CVE-2026-8368
- Source
- https://cve.org/CVERecord?id=CVE-2026-8368
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-8368.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-8368
- Downstream
- Related
- Published
- 2026-05-12T14:01:25.365Z
- Modified
- 2026-06-18T03:54:28.106126590Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects
- Details
-
LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects.
On a 3xx response, the redirect handler strips only Host and Cookie before issuing the follow-up request. Caller-supplied Authorization and Proxy-Authorization headers are sent unchanged to the redirect target, including across scheme, host, or port changes.
A redirect to an attacker controlled host therefore discloses the caller's credentials to that host.
- Database specific
{ "cna_assigner": "CPANSec", "cwe_ids": [ "CWE-522" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8368.json" }- References
-
- http://www.openwall.com/lists/oss-security/2026/05/12/7
- https://cpan.org/modules
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8368.json
- https://metacpan.org/release/OALDERS/libwww-perl-6.83/changes
- https://nvd.nist.gov/vuln/detail/CVE-2026-8368
- https://github.com/libwww-perl/libwww-perl/pull/512
- https://github.com/libwww-perl/libwww-perl/commit/9c4aeb6f2dd32f2b7eaf2d7827cade31ea6cb2c6.patch
- https://github.com/libwww-perl/libwww-perl/pull/284
- https://github.com/libwww-perl/libwww-perl
Affected packages
Git / github.com/libwww-perl/libwww-perl
Affected versions
5.*
5.816
5.817
5.818
5.819
5.820
5.821
5.822
5.823
5.824
5.825
6.*
6.04
6.05
6.06
6.07
6.08
6.09
6.10
6.11
6.12
6.13
6.15
6.19
Other
B10
B11
B12
B13
B5
B6
B7
B8
B9
list
R0.*
R0.02
R0.03
R0.04
R5.*
R5.00
R5.01
R5.02
R5.03
R5.04
R5.05
R5.06
R5.07
R5.08
R5.09
R5.10
R5.11
R5.12
R5.13
R5.14
R5.15
R5.16
R5.17
R5.18
R5.18.03
R5.18.04
R5.18.05
R5.19
R5.20
R5.21
R5.22
R5.30
R5.31
R5.32
R5.33
R5.34
R5.35
R5.36
R5.41
R5.42
R5.43
R5.44
R5.45
R5.46
R5.47
R5.48
R5.49
R5.50
R5.51
R5.52
R5.53
R5.53.90
R5.53.91
R5.53.92
R5.53.93
R5.53.94
R5.53.95
R5.53.96
R5.53.97
R5.60
R5.61
R5.62
R5.63
R5.64
R5.65
R5.66
R5.67
R5.68
R5.69
R5.70
R5.71
R5.72
R5.73
R5.74
R5.75
R5.76
R5.77
R5.78
R5.79
R5.800
R5.801
R5.802
R5.803
R5.804
R5.805
R5.806
R5.807
R5.808
R5.810
R5.811
R5.812
R5.813
R5.814
R5.815
libwww-perl/0.*
libwww-perl/0.03
libwww-perl/5.*
libwww-perl/5.00
libwww-perl/5.00-beta10
libwww-perl/5.00-beta11
libwww-perl/5.00-beta12
libwww-perl/5.00-beta13
libwww-perl/5.00-beta5
libwww-perl/5.00-beta6
libwww-perl/5.00-beta7
libwww-perl/5.00-beta8
libwww-perl/5.00-beta9
libwww-perl/5.01
libwww-perl/5.02
libwww-perl/5.03
libwww-perl/5.04
libwww-perl/5.05
libwww-perl/5.06
libwww-perl/5.07
libwww-perl/5.08
libwww-perl/5.09
libwww-perl/5.10
libwww-perl/5.11
libwww-perl/5.12
libwww-perl/5.13
libwww-perl/5.14
libwww-perl/5.15
libwww-perl/5.16
libwww-perl/5.17
libwww-perl/5.18
libwww-perl/5.18.03
libwww-perl/5.18.04
libwww-perl/5.18.05
libwww-perl/5.19
libwww-perl/5.20
libwww-perl/5.21
libwww-perl/5.22
libwww-perl/5.30
libwww-perl/5.31
libwww-perl/5.32
libwww-perl/5.33
libwww-perl/5.34
libwww-perl/5.35
libwww-perl/5.36
libwww-perl/5.41
libwww-perl/5.42
libwww-perl/5.43
libwww-perl/5.44
libwww-perl/5.45
libwww-perl/5.46
libwww-perl/5.47
libwww-perl/5.48
libwww-perl/5.49
libwww-perl/5.50
libwww-perl/5.51
libwww-perl/5.52
libwww-perl/5.53
libwww-perl/5.53.90
libwww-perl/5.53.91
libwww-perl/5.53.92
libwww-perl/5.53.93
libwww-perl/5.53.94
libwww-perl/5.53.95
libwww-perl/5.53.96
libwww-perl/5.53.97
libwww-perl/5.60
libwww-perl/5.61
libwww-perl/5.62
libwww-perl/5.63
libwww-perl/5.64
libwww-perl/5.65
libwww-perl/5.66
libwww-perl/5.67
libwww-perl/5.68
libwww-perl/5.69
libwww-perl/5.70
libwww-perl/5.71
libwww-perl/5.72
libwww-perl/5.73
libwww-perl/5.74
libwww-perl/5.75
libwww-perl/5.76
libwww-perl/5.77
libwww-perl/5.78
libwww-perl/5.79
libwww-perl/5.800
libwww-perl/5.801
libwww-perl/5.802
libwww-perl/5.803
libwww-perl/5.804
libwww-perl/5.805
libwww-perl/5.806
libwww-perl/5.807
libwww-perl/5.808
libwww-perl/5.810
libwww-perl/5.811
libwww-perl/5.812
libwww-perl/5.813
libwww-perl/5.814
libwww-perl/5.815
libwww-perl/5.816
libwww-perl/5.817
libwww-perl/5.818
libwww-perl/5.819
libwww-perl/5.820
libwww-perl/5.821
libwww-perl/5.822
libwww-perl/5.823
libwww-perl/5.824
libwww-perl/5.825
libwww-perl/5.826
libwww-perl/5.827
libwww-perl/5.828
libwww-perl/5.829
libwww-perl/5.830
libwww-perl/5.831
libwww-perl/5.832
libwww-perl/5.833
libwww-perl/5.834
libwww-perl/5.835
libwww-perl/5.836
libwww-perl/5.837
libwww-perl/6.*
libwww-perl/6.00
libwww-perl/6.01
libwww-perl/6.02
libwww-perl/6.03
libwww-perl/6.09
libwww-perl/6.16
libwww-perl/6.17
libwww-perl/6.18
v6.*
v6.20
v6.21
v6.22
v6.23
v6.24
v6.25
v6.26
v6.27
v6.28
v6.29
v6.30
v6.31
v6.32
v6.33
v6.34
v6.35
v6.36
v6.37
v6.38
v6.39
v6.40
v6.41
v6.42
v6.43
v6.44
v6.45
v6.46
v6.47
v6.48
v6.49
v6.50
v6.51
v6.52
v6.53
v6.54
v6.55
v6.56
v6.57
v6.58
v6.59
v6.60
v6.61
v6.62
v6.63
v6.64
v6.65
v6.66
v6.67
v6.68
v6.69
v6.70
v6.71
v6.72
v6.73
v6.74
v6.75
v6.76
v6.77
v6.78
v6.79
v6.80
v6.81
v6.82