CVE-2026-7009
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly considers the response as fine...
JLSEC-2026-386
An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: following HTTPS redirects with authentication could leak credentials to other services that exist on different protocols ...
Astra Linux - vulnerability in curl
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port. In this way, the malicious server can potentially enable curl to extract information about services that would otherwise be private and undisclosed. This could...
Astra Linux - vulnerability in curl
When curl 7.84.0 performs FTP transfers secured by krb5, it incorrectly handles message verification failures. This flaw allows a Man-In-The-Middle attack to go unnoticed, and even enables the attacker to inject data into the client’s system...
Astra Linux - vulnerability in curl
A poorly protected credentials vulnerability exists in curl 4.9, and versions including curl 7.82.0 are also affected. This vulnerability could allow attackers to extract credentials when using HTTPS redirections with authentication. As a result, credentials may be leaked to other services that...
Astra Linux - vulnerability in curl
This flaw allows an attacker to insert cookies into a running program using libcurl, provided that certain conditions are met. libcurl performs transfers. In its API, an application can create “easy handles”—individual handles for single transfers. libcurl provides a function called...
Linux Distros Unpatched Vulnerability : CVE-2026-6429
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When asked to both use a .netrc file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to ho...
Linux Distros Unpatched Vulnerability : CVE-2026-5545
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both us...
ROS-20260410-73-0016
Vulnerability in curl related to authentication bypass due to an initial bug. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...
SUSE CVE-2026-3783
When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...
AlmaLinux 10 : curl (ALSA-2026:1825)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:1825 advisory. curl: libcurl: Curl out of bounds read for cookie path CVE-2025-9086 Tenable has extracted the preceding description block directly from the AlmaLinux security...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2026-004929)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004929 advisory. When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally...
SUSE SLES12 Security Update : curl (SUSE-SU-2026:0119-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0119-1 advisory. - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS bsc1256105 Tenable has extracted the preceding description block directly from the SUSE...
MiracleLinux 3 : curl-7.15.5-9.AXS3.3 (AXSA:2011-231:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-231:01 advisory. cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to...
Slackware: Security Advisory (SSA:2026-007-01)
The remote host is missing an update for the ...
curl: libcurl: Curl out of bounds read for cookie path
An out of bounds read flaw has been discovered in the curl project. Under specific conditions the path comparison logic makes curl read outside a heap buffer boundary. This bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site...
Siemens SIMATIC S7-1500 Insufficiently Protected Credentials (CVE-2022-27774)
An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: following HTTPS redirects with authentication could leak credentials to other services that exist on different protocols ...
curl security vulnerability
Haxx curl is a set of file transfer tools that work at the command line using URL syntax. A security bypass vulnerability exists in Haxx curl due to a flaw that retains the connected SSL session ID in its cache even if the authentication state OCSP binding test fails. An attacker could use this...
curl: HSTS ignored on multiple requests
A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity...