JLSEC-2026-425 URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file...

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

CVE-2025-11563

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

CVE-2025-11563 wcurl path traversal with percent-encoded slashes

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

CVE-2025-11563

CVE-2025-11563 corresponds to a path traversal vulnerability in wcurl (the curl tool component). The issue arises in wcurl versions prior to 2025-11-04, enabling path traversal when URLs contain a percent-encoded slash. Documented across multiple feeds (OSV, Ubuntu/Debian advisories, and vendor/N...