Skip to main content

Curl

117 CVEs product

Monthly

CVE-2026-10536 CRITICAL PATCH Act Now

Use-after-free in libcurl's HTTP/2 stream-dependency handling affects a wide range of curl releases (7.88.0 through 8.20.0) when an application sets CURLOPT_STREAM_DEPENDS or CURLOPT_STREAM_DEPENDS_E, then calls curl_easy_reset() before curl_easy_cleanup(); the reset frees an internal priority structure that cleanup later re-accesses. Despite the NVD 9.8 CVSS rating, the flaw is only reachable through a specific application-controlled API call sequence rather than remote attacker input, and is tagged Information Disclosure. No public exploit identified at time of analysis, EPSS is low (0.21%, 11th percentile), and it is not listed in CISA KEV.

Information Disclosure Memory Corruption Use After Free Curl Red Hat
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-8925 CRITICAL PATCH Act Now

Memory-safety defect (double-free) in curl's SASL authentication path affects versions 8.15.0 through 8.20.0 when built with GSASL support: the GSASL context is cleaned up twice without the intervening pointer being cleared, causing the same allocation to be free()'d twice. A malicious or malfunctioning mail/auth server exercising the SASL handshake could trigger the condition, potentially corrupting heap memory and at minimum crashing the client. No public exploit identified at time of analysis, and the EPSS score is low (0.25%, 16th percentile) despite the headline CVSS of 9.8.

Information Disclosure Curl
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-11586 HIGH PATCH This Week

Denial of service in curl 8.16.0 through 8.20.0 lets a malicious WebSocket server exhaust all client memory by flooding it with rapid, sequential PING frames. Because curl auto-responds to PINGs by default and imposes no upper bound on memory buffered for unacknowledged frames, the queue of pending PONG responses grows unbounded until the process is OOM-killed. EPSS is low (0.21%, 11th percentile) and there is no public exploit identified at time of analysis, consistent with an availability-only issue affecting the subset of deployments that actually use curl's WebSocket support.

Denial Of Service Curl Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-11352 HIGH PATCH This Week

Remote denial of service in curl and libcurl (versions 8.18.0 through 8.20.0) lets a malicious or compromised HTTP/3 server indefinitely stall a connecting client. The flaw lives in curl's QUIC UDP receive path, where zero-length UDP datagrams are discarded before they are counted against the per-call packet budget, so a peer that streams a continuous flood of empty datagrams keeps the receive loop spinning without ever making progress. There is no public exploit identified at time of analysis, EPSS risk is low (0.28%, 20th percentile), and impact is availability-only (no data compromise).

Denial Of Service Curl Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-9547 HIGH PATCH This Week

Host key verification bypass in libcurl affects applications using the CURLOPT_SSH_KEYFUNCTION callback for SCP:// or SFTP:// transfers, where a server presenting a host key of a different type than the one already recorded in known_hosts is silently accepted instead of rejected. This lets a network-positioned attacker impersonate a trusted SSH server and mount a man-in-the-middle attack, exposing and tampering with transferred data. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.19%, 9th percentile), reflecting the specific application configuration and attacker positioning required.

Information Disclosure Curl
NVD VulDB
CVSS 3.1
7.4
EPSS
0.2%
CVE-2026-8286 HIGH PATCH This Week

Information disclosure and integrity exposure in curl/libcurl occurs when a new transfer that uses STARTTLS to upgrade a connection may reuse an already-established live connection whose TLS configuration does not match the requested one, so data intended for a strictly-configured secure channel can traverse a connection negotiated under different (potentially weaker or unverified) TLS settings. The flaw affects a very wide range of curl releases from 7.30.0 through 8.20.0 and is tagged as Information Disclosure with high confidentiality and integrity impact (CVSS 8.1). It is not listed in CISA KEV, EPSS is low (0.20%, 9th percentile), and no public exploit code is identified at time of analysis.

Information Disclosure Curl
NVD VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-12064 HIGH PATCH This Week

SSH host-key verification bypass in curl/libcurl (versions through 8.20.0) lets a network man-in-the-middle silently impersonate an SFTP/SCP server when a user invokes curl with a schemeless URL plus '--proto-default sftp' (or scp). In this specific invocation the command-line tool layer misidentifies the scheme and skips setting CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS, while libcurl still honors CURLOPT_DEFAULT_PROTOCOL and completes the connection, so curl connects to an unverified host without any error. Tagged an Authentication Bypass; EPSS is low (0.21%, 11th percentile) and no public exploit was identified at time of analysis.

Authentication Bypass Curl Red Hat
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-11856 CRITICAL PATCH Act Now

Cross-origin credential leakage in libcurl (curl 7.10.6 through 8.20.0) causes the HTTP Digest 'Authorization:' header computed for one origin (hostA) to be wrongly reused on a subsequent transfer to a different origin (hostB) when an application reuses the same easy handle. This exposes Digest authentication credentials to an unintended, potentially attacker-controlled host, and is tracked as an Information Disclosure issue (EUVD-2026-41501). No public exploit identified at time of analysis; EPSS is low at 0.25% (16th percentile) and it is not in CISA KEV, so this is a latent credential-exposure bug rather than a demonstrated mass-exploitation threat.

Information Disclosure Curl Red Hat
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-8932 HIGH This Week

Incorrect mTLS connection reuse in libcurl (curl releases through 8.16.0) causes the library to reuse a pooled TLS connection even after client-certificate options - notably the private key - were changed in a way that should have forced a fresh handshake. Because those client-certificate settings were omitted from the connection-match logic, a later transfer can be sent over a connection authenticated with the wrong client identity, an integrity failure tagged as information disclosure. Rated CVSS 7.5 (C:N/I:H/A:N); EPSS is only 0.13% and there is no public exploit identified at time of analysis, though a HackerOne report (#3733910) drove the private disclosure.

Information Disclosure Curl
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-11564 CRITICAL PATCH Act Now

TLS certificate-trust confusion in libcurl (curl 8.17.0 through 8.20.0) lets a reused pooled connection retain trust in the native platform CA store even after the application reconfigures the same easy handle to use custom CA material for a later transfer. An attacker positioned to intercept traffic could present a certificate valid under the native store - which the application intended to no longer trust - to silently intercept or spoof the connection. Rated CVSS 9.1, but EPSS is only 0.20% (9th percentile) and there is no public exploit identified at time of analysis, reflecting the narrow application-usage prerequisite rather than a broadly weaponizable flaw.

Information Disclosure Curl Red Hat
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-9080 HIGH PATCH This Week

Use-after-free in libcurl 8.13.0 through 8.20.0 occurs when an application calls curl_easy_pause() from inside an event-based CURLMOPT_SOCKETFUNCTION callback, causing libcurl to write a flag through a struct pointer whose backing memory was just freed. Affected are applications built on the curl multi interface using event-based socket callbacks; the flaw can lead to memory corruption or limited information disclosure (tagged Information Disclosure) with low confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, it is not in CISA KEV, and EPSS is low at 0.21% (11th percentile), consistent with a niche triggering pattern rather than mass exploitation.

Information Disclosure Use After Free Memory Corruption Curl
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-8927 CRITICAL PATCH Act Now

Proxy credential leakage in libcurl (curl) occurs when a single reused easy handle drives sequential transfers through different environment-variable-configured proxies: after Digest-authenticating to proxyA, libcurl fails to reset the proxy authentication state, so the `Proxy-Authorization:` header meant for proxyA is resent to proxyB. Any application relying on handle reuse with env-var proxy settings and multiple upstream proxies can disclose proxyA's credentials to an unauthorized proxy operator. EPSS is low (0.25%, 16th percentile), it is not on CISA KEV, and no public exploit identified at time of analysis - this is a credential-confidentiality issue rather than a code-execution flaw.

Information Disclosure Curl
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-8924 CRITICAL PATCH Act Now

Cross-domain cookie injection in curl (versions 7.46.0 through 8.20.0) lets a malicious or compromised HTTP server set 'super cookies' that bypass the Public Suffix List (PSL) safeguard, causing curl to scope attacker-supplied cookies to unrelated third-party domains and transmit them on later requests. Rated CVSS 9.1 and tagged as an authentication bypass, the flaw undermines cookie origin isolation, but EPSS is low at 0.22% (12th percentile), there is no CISA KEV listing, and no public exploit was identified at time of analysis. A patched release is available from the curl project.

Authentication Bypass Curl
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-9079 CRITICAL PATCH Act Now

Proxy-credential leakage in libcurl (curl 8.8.0 through 8.20.0) occurs because a request to clear previously set proxy authentication credentials is silently ignored, so the stale username/password remain attached to the reused easy handle and are sent on later transfers that were never meant to use them. This is an information-disclosure defect (tagged Information Disclosure, EUVD-2026-41510) affecting applications that reuse libcurl handles across multiple proxied requests. No public exploit identified at time of analysis and EPSS is low (0.25%, 16th percentile), consistent with a coding/logic flaw rather than a directly weaponizable remote bug.

Information Disclosure Curl
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-9545 HIGH PATCH This Week

Information disclosure in libcurl (curl 8.11.0 through 8.20.0) allows a network man-in-the-middle to capture sensitive request data when TLS early data (0-RTT) is combined with SSL session ID caching. If an application enables the CURLSSLOPT_EARLYDATA bit and leaves the session cache active, libcurl can transmit a resumed request's bytes on a reconnection before it enforces a certificate verification failure, so an attacker who impersonates the original host without a valid certificate may receive the leaked data. No public exploit identified at time of analysis, and EPSS is low (0.13%), reflecting the non-default configuration and active-MITM prerequisite.

Information Disclosure Curl
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-9546 HIGH This Week

Information disclosure in libcurl (versions 8.18.0 through 8.20.0) causes the HTTP Referer header to persist on a reused easy handle even after an application explicitly clears it by passing NULL to CURLOPT_REFERER. Because the internal referrer state is not reset, a previously set referrer string is silently re-sent on later requests, potentially leaking sensitive URL data (paths, tokens, or query parameters) to unintended destination servers. There is no public exploit identified at time of analysis, EPSS risk is low (0.21%, 11th percentile), and it is not listed in CISA KEV.

Information Disclosure Curl
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-8458 MEDIUM PATCH This Month

Wrong connection reuse across different services in curl/libcurl up to 8.20.0 allows curl's connection pool to incorrectly match and reuse an existing connection when the target service differs from the one originally used to establish that connection. This is part of a coordinated batch of 19 CVEs fixed in curl 8.21.0, released June 24, 2026. No public exploit or active exploitation has been identified; the curl project rates this LOW severity, consistent with limited real-world attack surface requiring specific multi-service usage patterns.

Information Disclosure Curl
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-8926 CRITICAL PATCH Act Now

Credential disclosure in curl 8.11.1 through 8.20.0 (and earlier) lets curl silently substitute the wrong password when .netrc lookup is combined with a URL that carries a username but no password, such as https://user@example.com/. When no matching entry exists for the specified user, curl falls back to a different user's password stored for that same host and transmits it during authentication, potentially leaking one user's secret to a server or to an unintended account. Publicly available exploit-flow details exist via the originating HackerOne report; EPSS is low (0.20%, 9th percentile) and it is not in CISA KEV.

Information Disclosure Curl
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
CVE-2026-5773 HIGH PATCH This Week

Improper SMB connection reuse in curl allows attackers to cause the library to send confidential request data over an attacker-controlled or unintended SMB connection, breaking the expected isolation between connections. The flaw affects a wide range of curl versions used in countless Linux distributions and embedded products, with a CVSS of 7.5 (confidentiality impact only). No public exploit identified at time of analysis, though SSVC marks exploitation as POC and EPSS remains very low (0.02%, 5th percentile).

SSRF Curl
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-6276 HIGH PATCH This Week

Cookie leakage in curl (libcurl) versions 7.71.0 through 8.19.0 allows remote servers to receive cookies intended for a different host when a stale custom cookie host value persists across requests. The flaw, tracked as CWE-319 (cleartext transmission of sensitive information), carries a CVSS 7.5 and SSVC 'partial' technical impact, with no public exploit identified at time of analysis and an EPSS of 0.01%.

Apple Information Disclosure Jenkins Curl
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-6253 MEDIUM PATCH This Month

Proxy credentials in curl leak to unintended destinations when an HTTP redirect points to a proxy endpoint, exposing authentication material beyond its intended scope. This affects the curl library and CLI tool (haxx:curl) across a broad version range from 7.14.1 through 8.19.0, as enumerated in EUVD-2026-29927. A proof of concept exists per SSVC classification (Exploitation: poc), the vendor has issued a patch coordinated via oss-security and HackerOne report #3669637, and downstream distributors Red Hat (RHSA-2026:12916) and SUSE (multiple SU advisories) have released updates.

Apple Information Disclosure Curl
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-4873 MEDIUM PATCH This Month

Connection reuse logic in curl ignores TLS requirements, causing sensitive data to be transmitted in cleartext over channels that should be TLS-encrypted. When curl's connection pool reuses an existing non-encrypted connection to fulfill a subsequent HTTPS request, credentials, tokens, or request payloads may traverse the network without encryption. Affects curl versions 7.20.0 through 8.19.0 (cpe:2.3:a:haxx:curl); no public exploit is identified at time of analysis, SSVC confirms exploitation: none, and EPSS stands at 0.01% (2nd percentile).

Buffer Overflow Curl
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-5545 MEDIUM PATCH This Month

Wrong reuse of HTTP Negotiate-authenticated connections in curl exposes a high-integrity-impact vulnerability where subsequent HTTP requests may inherit an authentication context they should not, potentially allowing requests to be dispatched under incorrect Negotiate (Kerberos/NTLM/SPNEGO) credentials. Affecting an extraordinarily broad version range - curl 7.10.6 through at least 8.19.0 per EUVD data - this flaw was coordinated and disclosed by curl maintainer Daniel Stenberg via oss-security on 2026-04-29 alongside three related connection-reuse CVEs. No public exploit code has been identified and no active exploitation has been confirmed; a vendor-released patch is available, with downstream fixes confirmed by Red Hat (RHSA-2026:12916) and SUSE.

Information Disclosure Curl
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3805 HIGH POC PATCH This Week

Curl's SMB implementation contains a use-after-free vulnerability that causes denial of service when processing consecutive requests to the same host, as the library incorrectly dereferences freed memory on subsequent connections. Public exploit code exists for this vulnerability affecting Curl installations. An attacker can crash Curl-based applications or services by triggering multiple SMB requests, though remote code execution is not possible due to the nature of the memory corruption.

Use After Free Curl Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3784 MEDIUM POC PATCH CISA This Month

curl's HTTP proxy connection reuse mechanism fails to validate credential changes, allowing an attacker to intercept or manipulate traffic by leveraging an existing proxy connection established with different authentication. This affects users whose applications reuse proxy connections across requests with varying credentials, enabling credential confusion attacks. Public exploit code exists for this vulnerability, though a patch is available.

Information Disclosure Curl
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3783 MEDIUM POC PATCH This Month

OAuth2 bearer token leakage in curl and .NET occurs when HTTP redirects are followed to a second hostname that matches entries in the .netrc configuration file, allowing attackers to obtain valid authentication tokens for unintended hosts. Public exploit code exists for this vulnerability affecting curl and .NET applications that rely on OAuth2 authentication with automatic redirect handling. This medium-severity vulnerability (CVSS 5.3) requires network access but no user interaction, and patches are available from vendors.

.NET Curl Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-1965 MEDIUM PATCH This Month

libcurl incorrectly reuses authenticated connections when processing Negotiate authentication requests, allowing an attacker with valid credentials to access resources authenticated under different user accounts. An authenticated attacker can exploit this connection pooling logic error to bypass authentication checks by reusing an existing connection that was authenticated with different credentials. This affects libcurl implementations using Negotiate authentication where multiple users access the same server.

Information Disclosure Curl Red Hat Suse
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-15079 MEDIUM POC PATCH This Month

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file. [CVSS 5.3 MEDIUM]

SSH Information Disclosure Curl Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-14819 MEDIUM PATCH This Month

When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. [CVSS 5.3 MEDIUM]

TLS Curl Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-14524 MEDIUM POC PATCH This Month

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. [CVSS 5.3 MEDIUM]

LDAP Curl Suse Red Hat
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-14017 MEDIUM PATCH This Month

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. [CVSS 6.3 MEDIUM]

TLS LDAP Curl Red Hat Suse
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-13034 MEDIUM PATCH This Month

When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. [CVSS 5.9 MEDIUM]

Authentication Bypass Curl Suse Red Hat
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-10148 MEDIUM PATCH This Month

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Curl Red Hat Suse
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-5399 HIGH POC PATCH This Week

Denial of Service vulnerability in libcurl's WebSocket implementation that allows a malicious server to send a specially crafted packet triggering an endless busy-loop, forcing applications to kill the affected thread or process to recover. This affects all libcurl versions with WebSocket support, with CVSS 7.5 (High) severity due to network-accessible attack vector requiring no authentication. The vulnerability has high real-world impact for any application using libcurl for WebSocket connections, though exploitation requires active malicious server control.

Information Disclosure Curl Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-5025 MEDIUM POC PATCH Monitor

libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Red Hat Suse
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2025-4947 MEDIUM POC PATCH This Week

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Red Hat Suse
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0725 HIGH POC PATCH This Month

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Hci Baseboard Management Controller Hci H610S Firmware Hci H610C Firmware Hci H615C Firmware +6
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2025-0665 HIGH POC PATCH This Week

A double-close vulnerability exists in libcurl when tearing down connection channels after threaded name resolution, causing the same eventfd file descriptor to be closed twice. This affects curl version 8.11.1 and various NetApp products that bundle libcurl, potentially leading to file descriptor confusion, limited information disclosure, and high availability impact. A public proof-of-concept exploit is available (HackerOne report 2954286), and the vulnerability has a notably high EPSS score of 6.37% (91st percentile), indicating elevated real-world exploitation likelihood.

Mozilla Denial Of Service Use After Free Bootstrap Os H410c Firmware +8
NVD VulDB
CVSS 3.1
7.0
EPSS
6.4%
CVE-2025-0167 LOW POC Monitor

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Element Software Ontap Ontap Select Deploy Administration Utility +13
NVD
CVSS 3.1
3.4
EPSS
0.3%
CVE-2023-46219 MEDIUM POC This Month

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-46218 MEDIUM POC PATCH This Month

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-38039 HIGH POC THREAT This Week

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Curl Fedora Windows 10 1809 Windows 10 21h2 +6
NVD
CVSS 3.1
7.5
EPSS
62.2%
CVE-2023-28322 LOW POC Monitor

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora macOS Clustered Data Ontap +5
NVD
CVSS 3.1
3.7
EPSS
2.2%
CVE-2023-28321 MEDIUM POC This Month

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux Fedora Clustered Data Ontap +6
NVD
CVSS 3.1
5.9
EPSS
1.8%
CVE-2023-28320 MEDIUM POC This Month

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Curl macOS Clustered Data Ontap Ontap Antivirus Connector +4
NVD
CVSS 3.1
5.9
EPSS
2.7%
CVE-2023-28319 HIGH POC This Week

A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Curl macOS +6
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2023-27534 HIGH POC This Week

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Curl Fedora Active Iq Unified Manager +6
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-27533 HIGH POC This Week

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Curl Fedora Active Iq Unified Manager Clustered Data Ontap +5
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-23916 MEDIUM POC This Month

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Curl Fedora Debian Linux H300s Firmware +5
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-23915 MEDIUM This Month

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Curl Active Iq Unified Manager Clustered Data Ontap H300s Firmware +4
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-23914 CRITICAL POC Act Now

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Active Iq Unified Manager Clustered Data Ontap H300s Firmware +4
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2022-43551 HIGH POC THREAT This Week

A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Curl Fedora Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
7.5
EPSS
16.5%
CVE-2022-35260 MEDIUM POC This Month

curl can be told to parse a `.netrc` file for credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Curl Clustered Data Ontap H300s Firmware +5
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2022-32221 CRITICAL POC Act Now

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap H300s Firmware H500s Firmware +5
NVD
CVSS 3.1
9.8
EPSS
4.3%
CVE-2022-42915 HIGH This Week

curl before 7.86.0 has a double free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Curl Fedora H300s Firmware H500s Firmware +5
NVD
CVSS 3.1
8.1
EPSS
2.9%
CVE-2022-42916 HIGH This Week

In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Curl Fedora macOS Universal Forwarder
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2022-35252 LOW POC Monitor

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap Element Software Hci Management Node +9
NVD
CVSS 3.1
3.7
EPSS
1.8%
CVE-2022-32208 MEDIUM POC This Month

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Curl Fedora Debian Linux Clustered Data Ontap +10
NVD
CVSS 3.1
5.9
EPSS
6.8%
CVE-2022-32207 CRITICAL POC Act Now

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora Debian Linux Clustered Data Ontap +10
NVD
CVSS 3.1
9.8
EPSS
6.8%
CVE-2022-32206 MEDIUM POC PATCH THREAT This Month

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora Debian Linux Clustered Data Ontap +15
NVD
CVSS 3.1
6.5
EPSS
32.0%
CVE-2022-32205 MEDIUM POC PATCH THREAT This Month

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora Debian Linux Clustered Data Ontap +15
NVD
CVSS 3.1
4.3
EPSS
26.9%
CVE-2022-30115 MEDIUM POC PATCH This Month

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Curl Hci Bootstrap Os Clustered Data Ontap Solidfire Enterprise Sds Hci Storage Node +6
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2022-27780 HIGH POC This Week

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Hci Bootstrap Os Clustered Data Ontap Solidfire Enterprise Sds Hci Storage Node +6
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-27779 MEDIUM POC This Month

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Hci Bootstrap Os Clustered Data Ontap Solidfire Enterprise Sds Hci Storage Node +7
NVD
CVSS 3.1
5.3
EPSS
2.4%
CVE-2022-27778 HIGH POC PATCH This Week

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Active Iq Unified Manager Clustered Data Ontap Oncommand Insight +10
NVD
CVSS 3.1
8.1
EPSS
3.5%
CVE-2022-27776 MEDIUM POC This Month

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora Debian Linux Hci Bootstrap Os +9
NVD
CVSS 3.1
6.5
EPSS
3.4%
CVE-2022-27775 HIGH POC This Week

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux Hci Bootstrap Os Clustered Data Ontap +9
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2021-22947 MEDIUM POC PATCH This Month

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Curl Fedora Debian Linux Cloud Backup +22
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2021-22946 HIGH POC PATCH This Week

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux Fedora Cloud Backup +25
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2021-22926 HIGH POC PATCH This Week

libcurl-using applications can ask for a specific client certificate to be used in a transfer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Curl Active Iq Unified Manager Clustered Data Ontap +16
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22923 MEDIUM POC PATCH This Month

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Fedora Cloud Backup Clustered Data Ontap +12
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-22922 MEDIUM POC PATCH This Month

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora Cloud Backup Clustered Data Ontap +12
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-22901 HIGH POC PATCH THREAT This Week

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free OpenSSL Memory Corruption RCE Curl +25
NVD GitHub
CVSS 3.1
8.1
EPSS
60.1%
CVE-2021-22898 LOW POC PATCH Monitor

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Debian Linux Fedora Communications Cloud Native Core Binding Support Function +8
NVD GitHub
CVSS 3.1
3.1
EPSS
0.1%
CVE-2021-22897 MEDIUM POC PATCH This Month

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Network Function Cloud Native Environment Communications Cloud Native Core Network Repository Function +18
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.8%
CVE-2020-8284 LOW PATCH Monitor

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Curl Fedora Debian Linux Clustered Data Ontap +19
NVD
CVSS 3.1
3.7
EPSS
0.1%
CVE-2020-8177 HIGH POC PATCH This Week

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux M10 1 Firmware M10 4 Firmware +6
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-8169 HIGH POC PATCH This Week

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Simatic Tim 1531 Irc Firmware Debian Linux Sinec Infrastructure Network Services +1
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2019-5482 CRITICAL PATCH Act Now

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Curl Fedora Leap +14
NVD VulDB
CVSS 3.1
9.8
EPSS
6.9%
CVE-2019-5481 CRITICAL PATCH Act Now

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Curl Fedora Cloud Backup Steelstore +8
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2019-5443 HIGH PATCH This Week

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine"). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection OpenSSL RCE Curl Enterprise Manager Ops Center +7
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-5435 LOW POC Monitor

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Curl
NVD
CVSS 3.0
3.7
EPSS
4.9%
CVE-2018-16842 CRITICAL PATCH Act Now

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Curl Ubuntu Linux +1
NVD GitHub
CVSS 3.0
9.1
EPSS
2.1%
CVE-2018-16840 CRITICAL PATCH Act Now

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Curl Ubuntu Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
3.4%
CVE-2018-16839 CRITICAL PATCH Act Now

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Denial Of Service Buffer Overflow Curl Debian Linux +1
NVD GitHub
CVSS 3.0
9.8
EPSS
5.8%
CVE-2018-0500 CRITICAL POC PATCH Act Now

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Curl Ubuntu Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
6.4%
CVE-2018-1000301 CRITICAL PATCH Act Now

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow Debian Linux Ubuntu Linux +7
NVD VulDB
CVSS 3.1
9.1
EPSS
2.8%
CVE-2018-1000300 CRITICAL PATCH Act Now

curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Denial Of Service Buffer Overflow Curl Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
4.9%
CVE-2018-1000122 CRITICAL PATCH Act Now

A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Debian Linux Ubuntu Linux +7
NVD
CVSS 3.0
9.1
EPSS
9.4%
CVE-2018-1000121 HIGH PATCH This Week

A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Debian Linux Ubuntu Linux Curl +6
NVD
CVSS 3.0
7.5
EPSS
9.6%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free in libcurl's HTTP/2 stream-dependency handling affects a wide range of curl releases (7.88.0 through 8.20.0) when an application sets CURLOPT_STREAM_DEPENDS or CURLOPT_STREAM_DEPENDS_E, then calls curl_easy_reset() before curl_easy_cleanup(); the reset frees an internal priority structure that cleanup later re-accesses. Despite the NVD 9.8 CVSS rating, the flaw is only reachable through a specific application-controlled API call sequence rather than remote attacker input, and is tagged Information Disclosure. No public exploit identified at time of analysis, EPSS is low (0.21%, 11th percentile), and it is not listed in CISA KEV.

Information Disclosure Memory Corruption Use After Free +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Memory-safety defect (double-free) in curl's SASL authentication path affects versions 8.15.0 through 8.20.0 when built with GSASL support: the GSASL context is cleaned up twice without the intervening pointer being cleared, causing the same allocation to be free()'d twice. A malicious or malfunctioning mail/auth server exercising the SASL handshake could trigger the condition, potentially corrupting heap memory and at minimum crashing the client. No public exploit identified at time of analysis, and the EPSS score is low (0.25%, 16th percentile) despite the headline CVSS of 9.8.

Information Disclosure Curl
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in curl 8.16.0 through 8.20.0 lets a malicious WebSocket server exhaust all client memory by flooding it with rapid, sequential PING frames. Because curl auto-responds to PINGs by default and imposes no upper bound on memory buffered for unacknowledged frames, the queue of pending PONG responses grows unbounded until the process is OOM-killed. EPSS is low (0.21%, 11th percentile) and there is no public exploit identified at time of analysis, consistent with an availability-only issue affecting the subset of deployments that actually use curl's WebSocket support.

Denial Of Service Curl Red Hat
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote denial of service in curl and libcurl (versions 8.18.0 through 8.20.0) lets a malicious or compromised HTTP/3 server indefinitely stall a connecting client. The flaw lives in curl's QUIC UDP receive path, where zero-length UDP datagrams are discarded before they are counted against the per-call packet budget, so a peer that streams a continuous flood of empty datagrams keeps the receive loop spinning without ever making progress. There is no public exploit identified at time of analysis, EPSS risk is low (0.28%, 20th percentile), and impact is availability-only (no data compromise).

Denial Of Service Curl Red Hat
NVD VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Host key verification bypass in libcurl affects applications using the CURLOPT_SSH_KEYFUNCTION callback for SCP:// or SFTP:// transfers, where a server presenting a host key of a different type than the one already recorded in known_hosts is silently accepted instead of rejected. This lets a network-positioned attacker impersonate a trusted SSH server and mount a man-in-the-middle attack, exposing and tampering with transferred data. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.19%, 9th percentile), reflecting the specific application configuration and attacker positioning required.

Information Disclosure Curl
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Information disclosure and integrity exposure in curl/libcurl occurs when a new transfer that uses STARTTLS to upgrade a connection may reuse an already-established live connection whose TLS configuration does not match the requested one, so data intended for a strictly-configured secure channel can traverse a connection negotiated under different (potentially weaker or unverified) TLS settings. The flaw affects a very wide range of curl releases from 7.30.0 through 8.20.0 and is tagged as Information Disclosure with high confidentiality and integrity impact (CVSS 8.1). It is not listed in CISA KEV, EPSS is low (0.20%, 9th percentile), and no public exploit code is identified at time of analysis.

Information Disclosure Curl
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

SSH host-key verification bypass in curl/libcurl (versions through 8.20.0) lets a network man-in-the-middle silently impersonate an SFTP/SCP server when a user invokes curl with a schemeless URL plus '--proto-default sftp' (or scp). In this specific invocation the command-line tool layer misidentifies the scheme and skips setting CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS, while libcurl still honors CURLOPT_DEFAULT_PROTOCOL and completes the connection, so curl connects to an unverified host without any error. Tagged an Authentication Bypass; EPSS is low (0.21%, 11th percentile) and no public exploit was identified at time of analysis.

Authentication Bypass Curl Red Hat
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Cross-origin credential leakage in libcurl (curl 7.10.6 through 8.20.0) causes the HTTP Digest 'Authorization:' header computed for one origin (hostA) to be wrongly reused on a subsequent transfer to a different origin (hostB) when an application reuses the same easy handle. This exposes Digest authentication credentials to an unintended, potentially attacker-controlled host, and is tracked as an Information Disclosure issue (EUVD-2026-41501). No public exploit identified at time of analysis; EPSS is low at 0.25% (16th percentile) and it is not in CISA KEV, so this is a latent credential-exposure bug rather than a demonstrated mass-exploitation threat.

Information Disclosure Curl Red Hat
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Incorrect mTLS connection reuse in libcurl (curl releases through 8.16.0) causes the library to reuse a pooled TLS connection even after client-certificate options - notably the private key - were changed in a way that should have forced a fresh handshake. Because those client-certificate settings were omitted from the connection-match logic, a later transfer can be sent over a connection authenticated with the wrong client identity, an integrity failure tagged as information disclosure. Rated CVSS 7.5 (C:N/I:H/A:N); EPSS is only 0.13% and there is no public exploit identified at time of analysis, though a HackerOne report (#3733910) drove the private disclosure.

Information Disclosure Curl
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

TLS certificate-trust confusion in libcurl (curl 8.17.0 through 8.20.0) lets a reused pooled connection retain trust in the native platform CA store even after the application reconfigures the same easy handle to use custom CA material for a later transfer. An attacker positioned to intercept traffic could present a certificate valid under the native store - which the application intended to no longer trust - to silently intercept or spoof the connection. Rated CVSS 9.1, but EPSS is only 0.20% (9th percentile) and there is no public exploit identified at time of analysis, reflecting the narrow application-usage prerequisite rather than a broadly weaponizable flaw.

Information Disclosure Curl Red Hat
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Use-after-free in libcurl 8.13.0 through 8.20.0 occurs when an application calls curl_easy_pause() from inside an event-based CURLMOPT_SOCKETFUNCTION callback, causing libcurl to write a flag through a struct pointer whose backing memory was just freed. Affected are applications built on the curl multi interface using event-based socket callbacks; the flaw can lead to memory corruption or limited information disclosure (tagged Information Disclosure) with low confidentiality, integrity, and availability impact. There is no public exploit identified at time of analysis, it is not in CISA KEV, and EPSS is low at 0.21% (11th percentile), consistent with a niche triggering pattern rather than mass exploitation.

Information Disclosure Use After Free Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Proxy credential leakage in libcurl (curl) occurs when a single reused easy handle drives sequential transfers through different environment-variable-configured proxies: after Digest-authenticating to proxyA, libcurl fails to reset the proxy authentication state, so the `Proxy-Authorization:` header meant for proxyA is resent to proxyB. Any application relying on handle reuse with env-var proxy settings and multiple upstream proxies can disclose proxyA's credentials to an unauthorized proxy operator. EPSS is low (0.25%, 16th percentile), it is not on CISA KEV, and no public exploit identified at time of analysis - this is a credential-confidentiality issue rather than a code-execution flaw.

Information Disclosure Curl
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Cross-domain cookie injection in curl (versions 7.46.0 through 8.20.0) lets a malicious or compromised HTTP server set 'super cookies' that bypass the Public Suffix List (PSL) safeguard, causing curl to scope attacker-supplied cookies to unrelated third-party domains and transmit them on later requests. Rated CVSS 9.1 and tagged as an authentication bypass, the flaw undermines cookie origin isolation, but EPSS is low at 0.22% (12th percentile), there is no CISA KEV listing, and no public exploit was identified at time of analysis. A patched release is available from the curl project.

Authentication Bypass Curl
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Proxy-credential leakage in libcurl (curl 8.8.0 through 8.20.0) occurs because a request to clear previously set proxy authentication credentials is silently ignored, so the stale username/password remain attached to the reused easy handle and are sent on later transfers that were never meant to use them. This is an information-disclosure defect (tagged Information Disclosure, EUVD-2026-41510) affecting applications that reuse libcurl handles across multiple proxied requests. No public exploit identified at time of analysis and EPSS is low (0.25%, 16th percentile), consistent with a coding/logic flaw rather than a directly weaponizable remote bug.

Information Disclosure Curl
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Information disclosure in libcurl (curl 8.11.0 through 8.20.0) allows a network man-in-the-middle to capture sensitive request data when TLS early data (0-RTT) is combined with SSL session ID caching. If an application enables the CURLSSLOPT_EARLYDATA bit and leaves the session cache active, libcurl can transmit a resumed request's bytes on a reconnection before it enforces a certificate verification failure, so an attacker who impersonates the original host without a valid certificate may receive the leaked data. No public exploit identified at time of analysis, and EPSS is low (0.13%), reflecting the non-default configuration and active-MITM prerequisite.

Information Disclosure Curl
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Information disclosure in libcurl (versions 8.18.0 through 8.20.0) causes the HTTP Referer header to persist on a reused easy handle even after an application explicitly clears it by passing NULL to CURLOPT_REFERER. Because the internal referrer state is not reset, a previously set referrer string is silently re-sent on later requests, potentially leaking sensitive URL data (paths, tokens, or query parameters) to unintended destination servers. There is no public exploit identified at time of analysis, EPSS risk is low (0.21%, 11th percentile), and it is not listed in CISA KEV.

Information Disclosure Curl
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Wrong connection reuse across different services in curl/libcurl up to 8.20.0 allows curl's connection pool to incorrectly match and reuse an existing connection when the target service differs from the one originally used to establish that connection. This is part of a coordinated batch of 19 CVEs fixed in curl 8.21.0, released June 24, 2026. No public exploit or active exploitation has been identified; the curl project rates this LOW severity, consistent with limited real-world attack surface requiring specific multi-service usage patterns.

Information Disclosure Curl
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Credential disclosure in curl 8.11.1 through 8.20.0 (and earlier) lets curl silently substitute the wrong password when .netrc lookup is combined with a URL that carries a username but no password, such as https://user@example.com/. When no matching entry exists for the specified user, curl falls back to a different user's password stored for that same host and transmits it during authentication, potentially leaking one user's secret to a server or to an unintended account. Publicly available exploit-flow details exist via the originating HackerOne report; EPSS is low (0.20%, 9th percentile) and it is not in CISA KEV.

Information Disclosure Curl
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Improper SMB connection reuse in curl allows attackers to cause the library to send confidential request data over an attacker-controlled or unintended SMB connection, breaking the expected isolation between connections. The flaw affects a wide range of curl versions used in countless Linux distributions and embedded products, with a CVSS of 7.5 (confidentiality impact only). No public exploit identified at time of analysis, though SSVC marks exploitation as POC and EPSS remains very low (0.02%, 5th percentile).

SSRF Curl
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Cookie leakage in curl (libcurl) versions 7.71.0 through 8.19.0 allows remote servers to receive cookies intended for a different host when a stale custom cookie host value persists across requests. The flaw, tracked as CWE-319 (cleartext transmission of sensitive information), carries a CVSS 7.5 and SSVC 'partial' technical impact, with no public exploit identified at time of analysis and an EPSS of 0.01%.

Apple Information Disclosure Jenkins +1
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Proxy credentials in curl leak to unintended destinations when an HTTP redirect points to a proxy endpoint, exposing authentication material beyond its intended scope. This affects the curl library and CLI tool (haxx:curl) across a broad version range from 7.14.1 through 8.19.0, as enumerated in EUVD-2026-29927. A proof of concept exists per SSVC classification (Exploitation: poc), the vendor has issued a patch coordinated via oss-security and HackerOne report #3669637, and downstream distributors Red Hat (RHSA-2026:12916) and SUSE (multiple SU advisories) have released updates.

Apple Information Disclosure Curl
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Connection reuse logic in curl ignores TLS requirements, causing sensitive data to be transmitted in cleartext over channels that should be TLS-encrypted. When curl's connection pool reuses an existing non-encrypted connection to fulfill a subsequent HTTPS request, credentials, tokens, or request payloads may traverse the network without encryption. Affects curl versions 7.20.0 through 8.19.0 (cpe:2.3:a:haxx:curl); no public exploit is identified at time of analysis, SSVC confirms exploitation: none, and EPSS stands at 0.01% (2nd percentile).

Buffer Overflow Curl
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Wrong reuse of HTTP Negotiate-authenticated connections in curl exposes a high-integrity-impact vulnerability where subsequent HTTP requests may inherit an authentication context they should not, potentially allowing requests to be dispatched under incorrect Negotiate (Kerberos/NTLM/SPNEGO) credentials. Affecting an extraordinarily broad version range - curl 7.10.6 through at least 8.19.0 per EUVD data - this flaw was coordinated and disclosed by curl maintainer Daniel Stenberg via oss-security on 2026-04-29 alongside three related connection-reuse CVEs. No public exploit code has been identified and no active exploitation has been confirmed; a vendor-released patch is available, with downstream fixes confirmed by Red Hat (RHSA-2026:12916) and SUSE.

Information Disclosure Curl
NVD VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Curl's SMB implementation contains a use-after-free vulnerability that causes denial of service when processing consecutive requests to the same host, as the library incorrectly dereferences freed memory on subsequent connections. Public exploit code exists for this vulnerability affecting Curl installations. An attacker can crash Curl-based applications or services by triggering multiple SMB requests, though remote code execution is not possible due to the nature of the memory corruption.

Use After Free Curl Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

curl's HTTP proxy connection reuse mechanism fails to validate credential changes, allowing an attacker to intercept or manipulate traffic by leveraging an existing proxy connection established with different authentication. This affects users whose applications reuse proxy connections across requests with varying credentials, enabling credential confusion attacks. Public exploit code exists for this vulnerability, though a patch is available.

Information Disclosure Curl
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

OAuth2 bearer token leakage in curl and .NET occurs when HTTP redirects are followed to a second hostname that matches entries in the .netrc configuration file, allowing attackers to obtain valid authentication tokens for unintended hosts. Public exploit code exists for this vulnerability affecting curl and .NET applications that rely on OAuth2 authentication with automatic redirect handling. This medium-severity vulnerability (CVSS 5.3) requires network access but no user interaction, and patches are available from vendors.

.NET Curl Red Hat +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

libcurl incorrectly reuses authenticated connections when processing Negotiate authentication requests, allowing an attacker with valid credentials to access resources authenticated under different user accounts. An authenticated attacker can exploit this connection pooling logic error to bypass authentication checks by reusing an existing connection that was authenticated with different credentials. This affects libcurl implementations using Negotiate authentication where multiple users access the same server.

Information Disclosure Curl Red Hat +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file. [CVSS 5.3 MEDIUM]

SSH Information Disclosure Curl +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. [CVSS 5.3 MEDIUM]

TLS Curl Suse +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. [CVSS 5.3 MEDIUM]

LDAP Curl Suse +1
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. [CVSS 6.3 MEDIUM]

TLS LDAP Curl +2
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool,curl should check the public key of the server certificate to verify the peer. [CVSS 5.9 MEDIUM]

Authentication Bypass Curl Suse +1
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Curl Red Hat +1
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Denial of Service vulnerability in libcurl's WebSocket implementation that allows a malicious server to send a specially crafted packet triggering an endless busy-loop, forcing applications to kill the affected thread or process to recover. This affects all libcurl versions with WebSocket support, with CVSS 7.5 (High) severity due to network-accessible attack vector requiring no authentication. The vulnerability has high real-world impact for any application using libcurl for WebSocket connections, though exploitation requires active malicious server control.

Information Disclosure Curl Red Hat +1
NVD
EPSS 0% CVSS 4.8
MEDIUM POC PATCH Monitor

libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Red Hat +1
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Week

libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Red Hat +1
NVD
EPSS 0% CVSS 7.3
HIGH POC PATCH This Month

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Hci Baseboard Management Controller Hci H610S Firmware +8
NVD GitHub
EPSS 6% CVSS 7.0
HIGH POC PATCH This Week

A double-close vulnerability exists in libcurl when tearing down connection channels after threaded name resolution, causing the same eventfd file descriptor to be closed twice. This affects curl version 8.11.1 and various NetApp products that bundle libcurl, potentially leading to file descriptor confusion, limited information disclosure, and high availability impact. A public proof-of-concept exploit is available (HackerOne report 2954286), and the vulnerability has a notably high EPSS score of 6.37% (91st percentile), indicating elevated real-world exploitation likelihood.

Mozilla Denial Of Service Use After Free +10
NVD VulDB
EPSS 0% CVSS 3.4
LOW POC Monitor

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Element Software +15
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora
NVD
EPSS 62% CVSS 7.5
HIGH POC THREAT This Week

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Curl Fedora +8
NVD
EPSS 2% CVSS 3.7
LOW POC Monitor

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora +7
NVD
EPSS 2% CVSS 5.9
MEDIUM POC This Month

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux +8
NVD
EPSS 3% CVSS 5.9
MEDIUM POC This Month

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Curl macOS +6
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +8
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Curl +8
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Curl Fedora +7
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Curl Fedora +7
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Curl Active Iq Unified Manager +6
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Active Iq Unified Manager +6
NVD
EPSS 17% CVSS 7.5
HIGH POC THREAT This Week

A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Curl Fedora +5
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

curl can be told to parse a `.netrc` file for credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Curl +7
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap +7
NVD
EPSS 3% CVSS 8.1
HIGH This Week

curl before 7.86.0 has a double free. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Curl Fedora +7
NVD
EPSS 2% CVSS 7.5
HIGH This Week

In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Curl Fedora +2
NVD
EPSS 2% CVSS 3.7
LOW POC Monitor

When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Clustered Data Ontap +11
NVD
EPSS 7% CVSS 5.9
MEDIUM POC This Month

When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Curl Fedora +12
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora +12
NVD
EPSS 32% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora +17
NVD
EPSS 27% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Curl Fedora +17
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Curl Hci Bootstrap Os +8
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Hci Bootstrap Os +8
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Hci Bootstrap Os +9
NVD
EPSS 3% CVSS 8.1
HIGH POC PATCH This Week

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Active Iq Unified Manager +12
NVD
EPSS 3% CVSS 6.5
MEDIUM POC This Month

A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora +11
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux +11
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Code Injection Curl Fedora +24
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux +27
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

libcurl-using applications can ask for a specific client certificate to be used in a transfer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Apple Curl +18
NVD VulDB
EPSS 2% CVSS 5.3
MEDIUM POC PATCH This Month

When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Fedora +14
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora +14
NVD
EPSS 60% CVSS 8.1
HIGH POC PATCH THREAT This Week

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free OpenSSL Memory Corruption +27
NVD GitHub
EPSS 0% CVSS 3.1
LOW POC PATCH Monitor

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Debian Linux +10
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Communications Cloud Native Core Binding Support Function +20
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Curl Fedora +21
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Curl Debian Linux +8
NVD VulDB
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Simatic Tim 1531 Irc Firmware +3
NVD
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Curl +16
NVD VulDB
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Curl Fedora +10
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine"). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection OpenSSL RCE +9
NVD
EPSS 5% CVSS 3.7
LOW POC Monitor

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Curl
NVD
EPSS 2% CVSS 9.1
CRITICAL PATCH Act Now

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow +3
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free +2
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Denial Of Service Buffer Overflow +3
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL POC PATCH Act Now

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Curl +1
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL PATCH Act Now

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Information Disclosure Buffer Overflow +9
NVD VulDB
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Denial Of Service Buffer Overflow +2
NVD
EPSS 9% CVSS 9.1
CRITICAL PATCH Act Now

A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow +9
NVD
EPSS 10% CVSS 7.5
HIGH PATCH This Week

A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Debian Linux +8
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy