CVE-2026-40490 | AsyncHttpClient async-http-client up to 2.14.4/3.0.8 on Basic/Digest Header Authorization information disclosure (GHSA-cmxv-58fp-fm3g)

A vulnerability described as problematic has been identified in AsyncHttpClient async-http-client up to 2.14.4/3.0.8 on Basic/Digest. Affected by this vulnerability is an unknown functionality of the component Header Handler. Such manipulation of the argument Authorization leads to information disclosure.

This vulnerability is referenced as CVE-2026-40490. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More