libcurl 7.88.0 < 8.21.0 HTTP/2 Stream-Dependency Tree Use-After-Free
The version of libcurl installed on the remote host is 7.88.0 prior to 8.21.0. It is, therefore, affected by a use-after-free vulnerability: - A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree and subsequently invokes curl_easy_reset...
libcurl 8.8.0 < 8.21.0 Stale Proxy Password Leak
The version of libcurl installed on the remote host is 8.8.0 prior to 8.21.0. It is, therefore, affected by a credential disclosure vulnerability: - libcurl had a flaw that when instructed to clear proxy authentication credentials, it did not do so, leaving the old credentials around to get used...
libcurl 7.7 < 8.21.0 Incomplete mTLS Config Matching in Connection Reuse
The version of libcurl installed on the remote host is 7.7 prior to 8.21.0. It is, therefore, affected by an improper certificate validation vulnerability: - libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited...
libcurl 7.43.0 < 8.21.0 Wrong Negotiate Connection Reuse
The version of libcurl installed on the remote host is 7.43.0 prior to 8.21.0. It is, therefore, affected by an improper connection reuse vulnerability: - libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use...
libcurl 8.17.0 < 8.21.0 Native CA Trust Persist
The version of libcurl installed on the remote host is 8.17.0 prior to 8.21.0. It is, therefore, affected by an improper certificate validation vulnerability: - An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches th...
libcurl 8.13.0 < 8.21.0 Use-After-Free in Socket Callback
The version of libcurl installed on the remote host is 8.13.0 prior to 8.21.0. It is, therefore, affected by a use-after-free vulnerability: - Calling curl_easy_pause within the event-based CURLMOPT_SOCKETFUNCTION callback triggers a use-after-free vulnerability. CVE-2026-9080 Note that Nessus has n...
libcurl 7.12.0 < 8.21.0 Cross-Proxy Digest Auth State Leak
The version of libcurl installed on the remote host is 7.12.0 prior to 8.21.0. It is, therefore, affected by a proxy credential disclosure vulnerability: - When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy...
libcurl 7.69.0 < 8.21.0 SSH Improper Host Validation
The version of libcurl installed on the remote host is 7.69.0 prior to 8.21.0. It is, therefore, affected by an improper host validation vulnerability: - When a libcurl-based application performs transfers via SCP or SFTP and utilizes the CURLOPT_SSH_KEYFUNCTION callback, it may silently accept an...
libcurl 8.18.0 < 8.21.0 Persistent Referer Header Information Disclosure
The version of libcurl installed on the remote host is 8.18.0 prior to 8.21.0. It is, therefore, affected by an information disclosure vulnerability: - A vulnerability in libcurl caused the HTTP Referer header to persist even when explicitly cleared, potentially leaking sensitive information to...
libcurl 7.10.6 < 8.21.0 Cross-Origin Digest Auth State Leak
The version of libcurl installed on the remote host is 7.10.6 prior to 8.21.0. It is, therefore, affected by a credential disclosure vulnerability: - Successfully using libcurl with Digest authentication and then changing the origin to a different host for a second transfer, reusing the same...
UBUNTU-CVE-2026-9546
A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPT_REFERER suppresses the header, the option failed to clear the internal state. As a result, the previous referrer string was erroneously...
CURL-CVE-2026-8927 env-set cross-proxy Digest auth state leak
When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...
CURL-CVE-2026-11856 cross-origin Digest auth state leak
Successfully using libcurl to do a transfer to a specific HTTP origin hostA with Digest authentication and then changing the origin to a different one hostB for a second transfer, reusing the same handle, makes libcurl wrongly pass on the Authorization: header field meant for hostA, to hostB...
CURL-CVE-2026-10536 HTTP/2 stream-dependency tree UAF
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPT_STREAM_DEPENDS or CURLOPT_STREAM_DEPENDS_E, subsequently invokes curl_easy_reset, and finally terminates the handle with curl_easy_cleanup. During this final cleanup phase, libcurl...
CURL-CVE-2026-9546 sending old referer
A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPT_REFERER suppresses the header, the option failed to clear the internal state. As a result, the previous referrer string was erroneously...
UAF after pause in socket callback
Calling curl_easy_pause within the event-based CURLMOPT_SOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...
HTTP/2 stream-dependency tree UAF
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPT_STREAM_DEPENDS or CURLOPT_STREAM_DEPENDS_E, subsequently invokes curl_easy_reset, and finally terminates the handle with curl_easy_cleanup. During this final cleanup phase, libcurl...
CURL-CVE-2026-8458 wrong reuse for different services
libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different "services". libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...
CURL-CVE-2026-9080 UAF after pause in socket callback
Calling curl_easy_pause within the event-based CURLMOPT_SOCKETFUNCTION callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed...
CURL-CVE-2026-9079 stale proxy password leak
libcurl had a flaw that, when it was instructed to clear proxy authentication credentials, made it not do so, leaving the old credentials around to get used for subsequent transfers that should neither know nor use them...