Information Exposure The advisory has been revoked - it doesn't affect any version of package rust-std-static-x86_64-unknown-none  (opens in a new tab)


Threat Intelligence

EPSS
0.33% (25th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS10-RUSTSTDSTATICX8664UNKNOWNNONE-15466553
  • published12 Mar 2026
  • disclosed11 Mar 2026

Introduced: 11 Mar 2026

CVE-2026-3783  (opens in a new tab)
CWE-201  (opens in a new tab)

Amendment

The Centos security team deemed this advisory irrelevant for Centos:10.

NVD Description

Note: Versions mentioned in the description apply only to the upstream rust-std-static-x86_64-unknown-none package and not the rust-std-static-x86_64-unknown-none package as distributed by Centos.

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances.

If the hostname that the first request is redirected to has information in the used .netrc file, with either of the machine or default keywords, curl would pass on the bearer token set for the first host also to the second one.