CVE-2026-55767 is a medium-severity vulnerability in Guzzle, a PHP HTTP client. The vulnerability arises from the CookieJar component incorrectly accepting cookies with a dot-only Domain attribute and whitespace-padded variants. This issue allows an attacker-controlled origin to set a cookie that Guzzle later sends to unrelated hosts using the same jar, potentially leading to cookie injection or session f [truncated]
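An added example (PHP 8+), not Guzzle's code or its fix, of validating a cookie's Domain attribute before the cookie enters a shared jar. `naiveDomainMatch` is a constructed illustration of how a dot-only value can end up matching every host; all function names and the `.test` hosts are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Constructed illustration, NOT Guzzle's implementation: strip dots, then test
// the suffix. "." and " . " reduce to "", and every host ends with "".
function naiveDomainMatch(string $host, string $rawDomain): bool
{
    return str_ends_with(strtolower($host), ltrim(trim($rawDomain), '.'));
}

// Hypothetical helper: canonical cookie domain, or null when the attribute is
// empty, dot-only, or not a plain host name once surrounding whitespace is gone.
function normalizeCookieDomain(string $raw): ?string
{
    $d = strtolower(trim($raw));
    if (str_starts_with($d, '.')) {
        $d = substr($d, 1); // RFC 6265 section 5.2.3: ignore one leading dot
    }
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    return preg_match('/^' . $label . '(?:\.' . $label . ')*$/D', $d) === 1 ? $d : null;
}

// RFC 6265 section 5.1.3 domain-match: identical, or a suffix on a label
// boundary when the host is a name rather than an IP address.
function domainMatches(string $host, string $cookieDomain): bool
{
    $host = strtolower($host);
    return $host === $cookieDomain
        || (filter_var($host, FILTER_VALIDATE_IP) === false
            && str_ends_with($host, '.' . $cookieDomain));
}

// Store a cookie only if its Domain is valid and covers the host that set it.
// Dropping the cookie on an invalid Domain is this example's (strict) choice.
function acceptCookie(string $originHost, string $rawDomain): bool
{
    $domain = normalizeCookieDomain($rawDomain);
    return $domain !== null && domainMatches($originHost, $domain);
}

// Constructed Domain values, as set by the origin app.example.test.
foreach (['.', ' . ', "\t.", 'example.test', '.example.test', 'victim.test'] as $raw) {
    printf("%-16s naive sends to victim.test: %-5s  accepted: %s\n",
        json_encode($raw),
        var_export(naiveDomainMatch('victim.test', $raw), true),
        var_export(acceptCookie('app.example.test', $raw), true));
}
```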
Guzzle, a popular PHP HTTP client, has a vulnerability that allows cleartext proxy traffic in certain configurations. This issue arises when using the built-in cURL handlers with libcurl older than 7.50.2 and an https:// proxy. The vulnerability, fixed in Guzzle 7.12.1, exposes proxy authentication credentials and the CONNECT target host and port for tunneled HTTPS requests. Affected applications are thos [truncated]