Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CURL — Vulnerabilities & Security Advisories 47

Browse all 47 CVE security advisories affecting CURL. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CURL is a widely utilized command-line tool and library for transferring data with URL syntax, supporting protocols like HTTP, HTTPS, and FTP. Its ubiquity in automation scripts and embedded systems makes it a frequent target for attackers seeking initial access or data exfiltration. Historically, vulnerabilities in the software have predominantly involved buffer overflows, integer overflows, and improper input validation, leading to potential remote code execution or denial-of-service conditions. While cross-site scripting is less relevant due to its non-browser nature, privilege escalation risks arise when executed with elevated permissions. Notable incidents include critical flaws allowing attackers to bypass security checks or execute arbitrary commands through crafted URLs. With 39 recorded CVEs, maintaining updated versions is essential to mitigate these persistent risks associated with its extensive protocol support and deep integration into global infrastructure.

Top products by CURL: curl
CVE IDTitleCVSSSeverityPublished
CVE-2026-7168 cross-proxy Digest auth state leak — curl--2026-05-13
CVE-2026-7009 OCSP stapling bypass with Apple SecTrust — curl--2026-05-13
CVE-2026-6429 netrc credential leak with reused proxy connection — curl--2026-05-13
CVE-2026-6276 stale custom cookie host causes cookie leak — curl--2026-05-13
CVE-2026-6253 proxy credentials leak over redirect-to proxy — curl--2026-05-13
CVE-2026-5773 wrong reuse of SMB connection — curl--2026-05-13
CVE-2026-5545 wrong reuse of HTTP Negotiate connection — curl--2026-05-13
CVE-2026-4873 connection reuse ignores TLS requirement — curl--2026-05-13
CVE-2026-3805 use after free in SMB connection reuse — curl 9.1 -2026-03-11
CVE-2026-3784 wrong proxy connection reuse with credentials — curl 7.5 -2026-03-11
CVE-2026-3783 token leak with redirect and netrc — curl 6.5 -2026-03-11
CVE-2026-1965 bad reuse of HTTP Negotiate connection — curl 7.7 -2026-03-11
CVE-2025-11563 wcurl path traversal with percent-encoded slashes — curl 9.1AICriticalAI2026-02-25
CVE-2025-15224 libssh key passphrase bypass without agent set — curl 9.8 -2026-01-08
CVE-2025-15079 libssh global known_hosts override — curl 7.5 -2026-01-08
CVE-2025-14819 OpenSSL partial chain store policy bypass — curl 8.2 -2026-01-08
CVE-2025-14524 bearer token leak on cross-protocol redirect — curl 4.3 -2026-01-08
CVE-2025-14017 broken TLS options for threaded LDAPS — curl 4.3 -2026-01-08
CVE-2025-13034 No QUIC certificate pinning with GnuTLS — curl 7.5 -2026-01-08
CVE-2025-10966 missing SFTP host verification with wolfSSH — curl 7.4 -2025-11-07
CVE-2025-10148 predictable WebSocket mask — curl 7.1 -2025-09-12
CVE-2025-9086 Out of bounds read for cookie path — curl 8.1 -2025-09-12
CVE-2025-5399 WebSocket endless loop — curl 7.5AIHighAI2025-06-07
CVE-2025-5025 No QUIC certificate pinning with wolfSSL — curl 6.5AIMediumAI2025-05-28
CVE-2025-4947 QUIC certificate check skip with wolfSSL — curl 7.4AIHighAI2025-05-28
CVE-2025-0725 gzip integer overflow — curl 8.8 -2025-02-05
CVE-2025-0665 eventfd double close — curl 7.1 -2025-02-05
CVE-2025-0167 netrc and default credential leak — curl 5.9 -2025-02-05
CVE-2024-11053 netrc and redirect credential leak — curl 6.5 -2024-12-11
CVE-2024-9681 HSTS subdomain overwrites parent cache entry — curl 5.9AIMediumAI2024-11-06

This page lists every published CVE security advisory associated with CURL. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.