Browse all 47 CVE security advisories affecting curl. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CURL is a widely utilized command-line tool and library for transferring data with URL syntax, supporting protocols like HTTP, HTTPS, and FTP. Its ubiquity in automation scripts and embedded systems makes it a frequent target for attackers seeking initial access or data exfiltration. Historically, vulnerabilities in the software have predominantly involved buffer overflows, integer overflows, and improper input validation, leading to potential remote code execution or denial-of-service conditions. While cross-site scripting is less relevant due to its non-browser nature, privilege escalation risks arise when executed with elevated permissions. Notable incidents include critical flaws allowing attackers to bypass security checks or execute arbitrary commands through crafted URLs. With 39 recorded CVEs, maintaining updated versions is essential to mitigate these persistent risks associated with its extensive protocol support and deep integration into global infrastructure.
CVE-2026-48732026-05-22CVE-2026-55452026-05-22CVE-2026-62532026-05-22CVE-2026-57732026-05-22CVE-2026-62762026-05-22CVE-2026-62532026-05-22CVE-2026-62762026-05-22CVE-2026-64292026-05-22CVE-2026-70092026-05-22CVE-2026-71682026-05-22CVE-2026-71682026-05-22CVE-2023-382782026-04-04CVE-2025-109662025-11-09CVE-2025-101482025-09-13CVE-2025-50252025-05-29CVE-2025-49472025-05-29CVE-2025-50252025-05-29CVE-2024-96812024-11-09CVE-2024-96812024-11-09CVE-2024-80962024-09-12Showing up to 20 recent security advisories. View all →
This page lists every published CVE security advisory associated with curl. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.