DEBIAN-CVE-2026-3783

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

ALPINE-CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

CVE-2026-3783

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

CVE-2026-3805 use after free in SMB connection reuse

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

CVE-2026-3805 use after free in SMB connection reuse

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

CVE-2026-3805

CVE-2026-3805 describes a heap-use-after-free in curl’s SMB connection reuse. During needle-based connection reuse, curl sets req->path to point inside the connection-owned smbc->share memory. When the needle is freed, smbc->share is freed as well, but req->path on the easy handle rem...

CVE-2026-3805

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

CVE-2026-3784 wrong proxy connection reuse with credentials

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

CVE-2026-3783

CVE-2026-3783 affects curl: when using an OAuth2 bearer token for an HTTP(S) transfer that is redirected to a second URL, curl may leak the first host’s bearer token to the second host if the redirected-to hostname has .netrc machine/default entries. This is a token leakage vulnerability tied to ...

CVE-2026-1965

CVE-2026-1965 concerns a vulnerability in libcurl where, under Negotiate authentication, a live connection could be reused for a different user’s credentials. The issue arises because Negotiate sometimes authenticates connections rather than individual requests, allowing a second request to reuse...

bad reuse of HTTP Negotiate connection

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

CURL-CVE-2026-3784 wrong proxy connection reuse with credentials

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

CURL-CVE-2026-3805 use after free in SMB connection reuse

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...

CURL-CVE-2026-3783 token leak with redirect and netrc

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

curl: NULL Pointer Dereference (DoS) in libcurl SFTP QUOTE command parsing due to missing return statement

Summary: A logic flaw in lib/vssh/libssh2.c causes a NULL pointer dereference when parsing SFTP QUOTE commands with trailing garbage. The function returnquoteerror is called to handle errors and free memory, but the return keyword is missing in several blocks e.g., lines 840, 857, 870. This allow...