CVE-2026-6253

curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. whil...

CVE-2026-6253 proxy credentials leak over redirect-to proxy

curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. whil...

CVE-2026-5545

CVE-2026-5545 affects libcurl: a logical error in connection reuse can cause a request to a server usingNegotiate authentication with user1:password1 to be mistakenly sent over a connection still authenticated for user1 when a second operation tries to authenticate as user2:password2 on the same ...

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from a server or to a server. Curl has a security vulnerability that stems from an error in proxy credential transmission, which may lead to the incorrect transmission of credentials from one proxy to another...

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from a server or to a server. Curl has a security vulnerability, which stems from an error in passing the proxy authentication header. This error may cause the Proxy-Authorization header from the first proxy to be incorrectly...

curl 安全漏洞

curl is an open-source tool developed by cURL, used for transferring data from or to a server. Curl has a security vulnerability, which stems from a logic error in connection reuse. This error may cause TLS-enabled connections to incorrectly reuse existing unencrypted connections, resulting in da...

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from or to a server. There is a security vulnerability in curl, which stems from a failure in OCSP binding detection. This failure may lead to an incorrect assumption that the server’s certificate is valid...

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from or to a server. Curl has a security vulnerability, which stems from improper handling of .netrc file credentials and HTTP redirection. This vulnerability may lead to password exposure...

CVE-2026-43879

CVE-2026-43879 (WWBN/AVideo) describes a blind SSRF in the donation webhook flow. In versions up to 29.0, an authenticated user can configure donation_notification_url to point at internal or RFC1918 hosts (e.g., 127.0.0.1, 169.254.169.254). When another user donates, the server issues a curl POS...

Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017589)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017589 advisory. When sending data to an MQTT server, libcurl = 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use...

Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017504)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017504 advisory. curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the HTTP Referer:...

Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017661)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017661 advisory. curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPTTELNETOPTIONS in libcurl, is used to send...

Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017559)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017559 advisory. A user can tell curl = 7.20.0 and = 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server --ssl-reqd on the command line...

Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017570)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017570 advisory. When curl = 7.20.0 and = 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back...

Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017588)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017588 advisory. curl supports the -t command line option, known as CURLOPTTELNETOPTIONSin libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Du...

Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017535)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017535 advisory. curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets...

Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017507)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017507 advisory. curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPTSSLCIPHERLIST when libcurl is built to use...

curl: Kerberos/SPNEGO Connection Reuse Vulnerability

Kerberos/SPNEGO Connection Reuse Vulnerability in curl Summary curl reuses HTTP connections across different users without checking Kerberos state. User B's request can inherit User A's GSS security context, allowing authentication bypass. Affected Versions All curl versions with Kerberos support...

Fedora 44 : php (2026-c66eaae759)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c66eaae759 advisory. PHP version 8.5.6 07 May 2026 Core: Fixed bug GH-19983 GC assertion failure with fibers, generators and destructors. iliaal Fixed ZENDAPI mismatch o...

SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2026:1717-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1717-1 advisory. Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545:...