{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-48856/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-11T04:45:35.836Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-48856","@id":"https://www.cve.org/CVERecord?id=CVE-2026-48856","description":"Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data.\n\nThe httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an origin boundary. httpc_response:redirect/2 constructs the redirected request by updating only the host field of the header record; all other fields (including authorization and proxy_authorization) are copied verbatim. The "},"products":[{"@id":"cpe:2.3:a:erlang:otp:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:erlang:otp:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: *, 688d748d6f7a6a06b13b662a1d3de8af97079612.","timestamp":"2026-06-11T04:45:35.836Z"}]}