Intel

AIKIDO-2026-10950

guzzlehttp/guzzle is vulnerable to Exposure of Sensitive Information

Exposure of Sensitive Information Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published Yesterday

Medium Risk

This Affects:

PHP: guzzlehttp/guzzle
7.2.0 - 7.10.0
Fixed in 7.10.1

TL;DR

When the cURL handler fails while building a response, Guzzle can leave a previous response object attached to the reused handle. If parsing or validation fails on a later request, callers inspecting the thrown exception may see headers or body from an earlier transaction. Before the fix, failed response creation could therefore leak sensitive data from a prior HTTP exchange. The patch clears the in-flight response before parsing and omits stale responses from the error object when creation fails.
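As an added illustration (not Guzzle's own code; the class names are hypothetical), a minimal PHP 8 model of the pattern described above: a reused handle retains the previous Response, a later malformed response fails to parse, and the thrown exception exposes the earlier transaction unless the in-flight response is cleared first and left off the error.

```php
<?php
// Added illustration, not Guzzle's code: a minimal model of a reused cURL-style handle
// that keeps the last Response, showing how a failed parse can surface a previous
// transaction's data and how clearing the in-flight response first avoids it.
final class Response {
    public function __construct(public array $headers, public string $body) {}
}
final class ParseException extends RuntimeException {
    public function __construct(string $msg, public ?Response $response) { parent::__construct($msg); }
}

final class ReusedHandle {
    public ?Response $response = null; // survives across requests on a reused handle
    // $fixed models the patch: reset the in-flight response before parsing and
    // do not attach a stale one to the error when response creation fails.
    public function run(array $rawHeaders, string $body, bool $fixed): Response {
        if ($fixed) {
            $this->response = null;
        }
        try {
            return $this->response = $this->createResponse($rawHeaders, $body);
        } catch (InvalidArgumentException $e) {
            // Vulnerable path: $this->response still holds the previous transaction.
            throw new ParseException($e->getMessage(), $fixed ? null : $this->response);
        }
    }
    private function createResponse(array $rawHeaders, string $body): Response {
        $headers = [];
        foreach ($rawHeaders as $line) {
            if (!preg_match('/^([A-Za-z0-9-]+):\s*(.*)$/', $line, $m)) {
                throw new InvalidArgumentException("Malformed header line: $line");
            }
            $headers[$m[1]] = $m[2];
        }
        return new Response($headers, $body);
    }
}

foreach ([false, true] as $fixed) {
    $handle = new ReusedHandle();
    // Constructed sample data: the first exchange on this handle carries a session cookie.
    $handle->run(['Set-Cookie: session=secret-from-request-1'], '{"user":"alice"}', $fixed);
    try {
        $handle->run(['Not a valid header line'], '', $fixed);
    } catch (ParseException $e) {
        $leaked = $e->response?->headers['Set-Cookie'] ?? '(none)';
        printf("%s: Set-Cookie visible on the exception = %s\n", $fixed ? 'fixed' : 'vulnerable', $leaked);
    }
}
```

The vulnerable pass prints the first request's Set-Cookie value from the second request's exception; the fixed pass prints (none).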

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

guzzlehttp/guzzle is vulnerable to Exposure of Sensitive Information in versions 7.2.0 - 7.10.0.

How to fix this

Upgrade guzzlehttp/guzzle to 7.10.1 or later, the release that contains the fix.