curl: no_proxy IDN mismatch: Unicode hostnames bypass proxy exclusion list

Summary Unicode IDN hostnames in noproxy are never converted to punycode before comparison, so they never match the request hostname which curl has already converted to punycode. A user who types noproxy="bücher.de" and requests http://bücher.de/ expects the proxy to be bypassed. Instead curl...

curl: Improper enforcement of CURLOPT_SOCKS5_AUTH due to missing reuse key validation in libcurl

detail: - lib/setopt.c:1048-1051 - CURLOPTSOCKS5AUTH is stored into data-set.socks5auth - lib/socks.c:597-641 socks5req0init - fresh SOCKS5 handshake reads data-set.socks5auth, if BASIC is not allowed, it clears sx-proxyuser at 618-620, so username/password auth is not even offered -...

203-python-project-rc (>=0.2.0 <=0.2.2), 5mghost-rover (>=0.0.1 <=0.0.26) +1767 more potentially affected by CVE-2026-33752 via curl-cffi (>=0.10.0 <=0.15.0)

curl-cffi PYPI version =0.10.0, =0.2.0, =0.0.1, =1.0.0, =0.2.1, =0.1.3, =0.1.0, =0.2.0, =1.1.0, =0.1.1, =0.0.2, =0.4.0, =0.1.0, =0.1.8 and more Source cves: CVE-2026-33752 Source advisory: SNYK:PYTHON-CURLCFFI-15907859...

Server-side Request Forgery (SSRF)

Overview curl-cffi is a python binding for curl-impersonate via cffi. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the handling of user-supplied URLs and automatic redirect following in the get function. An attacker can access internal network resources...

curl: Internal application wrapper or script using curl

While -guid is not a standard or documented curl command, a Command Injection or Argument Injection vulnerability within a specific application that wraps curl. Security Analysis: curl -guid -url example.com 1. Status of the "-guid" FlagUndocumented/Non-existent: The official curl binary does not...

PT-2026-30271

Name of the Vulnerable Software and Affected Versions curl cffi affected versions not specified Description curl cffi does not restrict requests to internal IP ranges and automatically follows redirects via libcurl. This allows an attacker-controlled URL to redirect requests to internal services,...

SUSE: Security Advisory (SUSE-SU-2026:20918-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

HTTPS Fetch, Reverse TCP Stager (DNS)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/meterpreter/reversetcpdns msf payloadreversetcpdns show actions ...actions... msf payloadreversetcpdns set ACTION msf payloadreversetcpdns show options ...show...

HTTPS Fetch, Windows Reverse HTTP Stager (wininet)

Fetch and execute an x86 payload from an HTTPS server. Tunnel communication over HTTP Windows wininet Module Options msf use payload/cmd/windows/https/x86/meterpreter/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show option...

HTTP Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/peinject/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show and s...

HTTP Fetch, Bind TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTP server. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/http/x86/vncinject/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show...

curl: CVE-2026-5545: wrong reuse of HTTP Negotiate connection

Summary: An attacker sharing a libcurl multi-handle connection pool can hijack another user's Negotiate/Kerberos-authenticated connection. When User A authenticates via Negotiate SPNEGO and the connection returns to the pool, User B using CURLAUTHANY with different credentials gets that connectio...

curl: Use-After-Free race condition in url_move_hostname() via shared connection pool

Summary: In lib/url.c, urlconnreuseadjust calls urlmovehostname which frees conn-host.rawalloc and conn-host.encalloc via Curlsafefree and Curlfreeidnconvertedhostname after Curlcpoolfind has already released the connection pool lock. A second thread doing a concurrent pool lookup still holds tha...

ROOT-OS-DEBIAN-13-CVE-2025-13034 CVE-2025-13034 in rootio-curl - Patched by Root

Root has patched CVE-2025-13034 in the rootio-curl package for Root:Debian:13. Multiple fixed versions available...

curl: HTTP/2 PUSH_PROMISE header loss on OOM bypasses scheme validation (regression of 2e8c922a89)

Summary: In lib/http2.c:1490, when curlmaprintf fails due to memory pressure, the push promise header is silently dropped but the callback returns success. If the lost header is the :scheme pseudo-header, the security check at line 733 that blocks HTTPS pushes over insecure connections is skipped...

Security update for curl (important)

openSUSE security update: security update for curl ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20404-1 Rating: important References: bsc1259362 bsc1259363 bsc1259364 bsc1259365 Cross-References: CVE-2026-1965 CVE-2026-3783 CVE-2026-3784...

EUVD-2025-209107

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies o...

CVE-2025-15612

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies o...

CVE-2025-15612 Wazuh Provisioning Scripts / Build Infrastructure Improper Certificate Validation leading to MITM and RCE

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies o...

CVE-2025-15612

Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks to intercept and modify downloaded dependencies o...