CVE-2026-33752

curlcffi is the a Python binding for curl. Prior to 0.15.0, curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata...

CVE-2026-33752 Redirect-based SSRF leading to internal network access in curl_cffi (with TLS impersonation bypass)

curlcffi is the a Python binding for curl. Prior to 0.15.0, curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata...

curl_cffi 代码问题漏洞

curlcffi is a Python HTTP client library developed by Lexiforest personal developers, which supports browser fingerprint simulation. Versions of curlcffi prior to 0.15.0 have code vulnerabilities. These vulnerabilities stem from the lack of restrictions on requests directed to internal IP ranges,...

alpaxa-quant (>=1.0.0 <=1.0.2), auto-archiver (>=1.1.5 <=1.2.7) +67 more potentially affected by CVE-2026-33752 via curl-cffi (>=0.10.0 <=0.14.0)

curl-cffi PYPI version =0.10.0, =1.0.0, =1.1.5, =2.0.0, =0.1.0, =0.0.32, =0.3.0, =0.0.1, =0.1.0, =0.1.0, =3.1.9, =7.0.0, =8.10.0 - dailymotionx =0.2.0 and more Source cves: CVE-2026-33752 Source advisory: OSV:GHSA-QW2M-4PQF-RMPP...

203-python-project-rc (>=0.2.0 <=0.2.2), 5mghost-rover (>=0.0.1 <=0.0.26) +1767 more potentially affected by CVE-2026-33752 via curl-cffi (>=0.10.0 <=0.15.0)

curl-cffi PYPI version =0.10.0, =0.2.0, =0.0.1, =1.0.0, =0.2.1, =0.1.3, =0.1.0, =0.2.0, =1.1.0, =0.1.1, =0.0.2, =0.4.0, =0.1.0, =0.1.8 and more Source cves: CVE-2026-33752 Source advisory: SNYK:PYTHON-CURLCFFI-15907859...

Server-side Request Forgery (SSRF)

Overview curl-cffi is a python binding for curl-impersonate via cffi. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the handling of user-supplied URLs and automatic redirect following in the get function. An attacker can access internal network resources...

PT-2026-30271

Name of the Vulnerable Software and Affected Versions curl cffi affected versions not specified Description curl cffi does not restrict requests to internal IP ranges and automatically follows redirects via libcurl. This allows an attacker-controlled URL to redirect requests to internal services,...

Heap-based Buffer Overflow

Overview curl-cffi is a python binding for curl-impersonate via cffi. Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the SOCKS5 proxy handshake process when the hostname is longer than the target buffer and larger than 255 bytes. The local variable...