Search CVE reports


1 – 10 of 190 results


CVE-2026-6429

Medium priority
Vulnerable

When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances. Similar to CVE-2024-11053.

1 affected package

curl

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- | --- |
| curl | Needs evaluation | Vulnerable | Vulnerable | Vulnerable | Vulnerable |

CVE-2026-6276

Low priority
Vulnerable

Using libcurl, when a custom `Host:` header is first set for a HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use...

1 affected package

curl

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- | --- |
| curl | Needs evaluation | Vulnerable | Vulnerable | Not affected | Not affected |

CVE-2026-6253

Medium priority
Vulnerable

curl might erroneously pass on credentials for a first proxy to a second proxy.

1 affected package

curl

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- | --- |
| curl | Needs evaluation | Vulnerable | Vulnerable | Vulnerable | Vulnerable |

CVE-2026-5773

Low priority
Vulnerable

libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers.

1 affected package

curl

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- | --- |
| curl | Needs evaluation | Vulnerable | Vulnerable | Vulnerable | Vulnerable |

CVE-2026-5545

Medium priority
Vulnerable

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host.

1 affected package

curl

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- | --- |
| curl | Needs evaluation | Vulnerable | Vulnerable | Vulnerable | Vulnerable |

CVE-2026-4873

Low priority
Vulnerable

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent...

1 affected package

curl

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- | --- |
| curl | Needs evaluation | Vulnerable | Vulnerable | Vulnerable | Vulnerable |

CVE-2026-7168

Medium priority
Needs evaluation

cross-proxy Digest auth state leak

1 affected package

curl

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- | --- |
| curl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2026-7009

Medium priority
Not affected

OCSP stapling bypass with Apple SecTrust

1 affected package

curl

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- | --- |
| curl | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2026-3805

Medium priority
Fixed

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.

1 affected package

curl

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
curl Not affected Not affected Not affected Not affected

CVE-2026-3784

Low priority
Fixed

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

1 affected package

curl

| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
| --- | --- | --- | --- | --- | --- |
| curl | Fixed | Fixed | Fixed | Fixed | Fixed |