—
GO-2026-5890
Kerberos Hub private key (X-Kerberos-Hub-PrivateKey) leaked to cross-host redirect target due to redirect-following HTTP client without CheckRedirect in github.com/kerberos-io/agent/machinery
Details
Kerberos Hub private key (X-Kerberos-Hub-PrivateKey) leaked to cross-host redirect target due to redirect-following HTTP client without CheckRedirect in github.com/kerberos-io/agent/machinery
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/kerberos-io/agent/machinery
Introduced in:
0 Fixed in: 0.0.0-20260528173546-51f1a52e170f Fix
go get github.com/kerberos-io/agent/machinery@v0.0.0-20260528173546-51f1a52e170f