10126 matches found
curl security vulnerability
curl is an open-source tool developed by cURL for transferring data from or to a server. Curl has a security vulnerability that stems from the incorrect reuse of existing HTTP proxy connections, which may lead to errors in processing new requests with different credentials...
curl security vulnerability
curl is an open-source tool developed by cURL for transferring data from or to a server. Curl has a security vulnerability that stems from the use of data pointers pointing to freed memory during repeated SMB requests, which may lead to memory corruption...
PT-2026-24664
Name of the Vulnerable Software and Affected Versions curl affected versions not specified Description curl improperly reuses an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different credentials for the HTTP proxy. The expected behavi...
FreeBSD : curl -- Multiple vulnerabilities (1933737d-1d46-11f1-81da-8447094a420f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1933737d-1d46-11f1-81da-8447094a420f advisory. The curl project reports: Tenable has extracted the preceding description block directly from...
Linux Distros Unpatched Vulnerability : CVE-2026-3784
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The...
Linux Distros Unpatched Vulnerability : CVE-2026-3805
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. CVE-2026-3805 Note that Nessus...
FreeBSD : curl -- Multiple vulnerabilities (086d53fa-1d47-11f1-81da-8447094a420f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 086d53fa-1d47-11f1-81da-8447094a420f advisory. The curl project reports: Multiple vulnerabilities Tenable has extracted the preceding...
curl security vulnerability
curl is an open-source tool developed by cURL for transferring data from or to a server. Curl has a security vulnerability that arises from the use of OAuth2 bearer tokens for HTTPS transfers. In some cases, this vulnerability may lead to the token being leaked to another hostname...
curl security vulnerability
curl is an open-source tool developed by cURL for transferring data from or to a server. Curl has a security vulnerability that stems from a logical error leading to improper reuse of connections. This allows requests using different credentials to mistakenly reuse the same connection...
Linux Distros Unpatched Vulnerability : CVE-2026-3783
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second...
curl: CURLOPT_UNRESTRICTED_AUTH Dangerous Default Documentation Gap
Summary: CURLOPT_UNRESTRICTED_AUTH=1 instructs libcurl to send credentials to ALL hosts during redirect chains, 'possibly again and again as the following hosts can keep redirecting to new hosts.' The documentation explicitly warns this is dangerous, but the default behavior is also risky: curl onl...
curl: Connection Reuse Ignores OAuth Bearer Token Mismatch
Summary: The connection pool reuse function url_match_conn in lib/url.c checks oauth_bearer in its credential match block — but only for protocols marked as requiring per-connection credentials. For HTTP, OAuth bearer is passed as a header, not a protocol-level credential. If a libcurl application...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1268)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2026-1232)
The remote host is missing an update for the Huawei EulerOS...
Astra Linux - vulnerability in curl
1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (path="/"). Since this site is not...
NewStart CGSL MAIN 6.06 (SP) : curl Vulnerability (NS-SA-2026-0032)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has curl packages installed that are affected by a vulnerability: - This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows ...
Security Bulletin: Security vulnerabilities found in the Red Hat Universal Minimal Base Image shipped with CICS Transaction Gateway for Multiplatforms
Summary: Security vulnerabilities found in the Red Hat Universal Base Image Minimal shipped with CICS Transaction Gateway for Multiplatforms. This fix resolves these vulnerabilities: CVE-2025-9230, CVE-2025-9086, CVE-2025-9230. Vulnerability Details CVEID: CVE-2025-11083 DESCRIPTION: A vulnerability h...
curl: In curl's SASL OAUTHBEARER authentication, including the SOH character (0x01) in the username corrupts the message structure.
Summary: This vulnerability arises because curl fails to validate the contents of the username when constructing OAuth2 authentication messages. Depending on the server-side implementation, this could lead to log tampering or credential spoofing. Affected version curl 8.18.0...
curl: SSTI leads to Command injection
Summary: Hi team, I am a new researcher, searching for pleasure; excuse me for the poor technical details. The parameter os is vulnerable to SSTI, which leads to command injection. Affected version curl/7.55.1 Steps To Reproduce: I tried to inject the os parameter curl -ospopen'sleep 10'.read --url...
Ubuntu: Security Advisory (USN-8062-2)
The remote host is missing an update for the...