CVE-2026-9546
UnknownSummary
A vulnerability in libcurl causes the HTTP `Referer:` header to persist even when explicitly cleared. According to the documentation, passing NULL to `CURLOPT_REFERER` should suppress the header, but the option fails to clear the internal state. As a result, the previous referrer string is erroneously reused and sent in subsequent requests, potentially leaking sensitive information to unintended servers.
Risk Assessment
The risk involves uncontrolled disclosure of sensitive data (e.g., session URLs) to external servers, which may compromise user privacy and application security.
Recommendation
Immediately update libcurl to a patched version. Until the update, avoid using CURLOPT_REFERER with NULL to clear the header.
Original NVD description (English source)
A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation states that passing NULL to `CURLOPT_REFERER` suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously reused and sent in subsequent requests, potentially leaking sensitive information to unintended servers.

