VDB
KO

GO-2026-5890

Kerberos Hub private key (X-Kerberos-Hub-PrivateKey) leaked to cross-host redirect target due to redirect-following HTTP client without CheckRedirect in github.com/kerberos-io/agent/machinery

Details

Kerberos Hub private key (X-Kerberos-Hub-PrivateKey) leaked to cross-host redirect target due to redirect-following HTTP client without CheckRedirect in github.com/kerberos-io/agent/machinery

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/kerberos-io/agent/machinery
Introduced in: 0 Fixed in: 0.0.0-20260528173546-51f1a52e170f
Fix go get github.com/kerberos-io/agent/machinery@v0.0.0-20260528173546-51f1a52e170f

References