curl — Vulnerabilities & Security Advisories (71)

All 71 CVE vulnerabilities found in curl, with AI-generated Chinese analysis, references, and POCs.

This page documents the Common Weakness Enumerations associated with the curl product developed by the project community. It serves as a centralized resource for understanding the security posture and historical vulnerability landscape of this widely used command-line tool for transferring data with URLs. The collection aggregates a comprehensive range of security flaws, including buffer overflows, use-after-free errors, and improper input validation issues that may allow for remote code execution, information disclosure, or denial of service attacks. The data spans from the early 2000s to the present, capturing the evolution of security practices and the remediation efforts applied over more than two decades. Users can utilize this resource to track vendor advisories and observe how the curl project addresses specific weaknesses as they are reported. It provides valuable context for understanding the nature of common weakness classes within the context of network client tools. Researchers and developers can look up the complete vulnerability history of curl to assess risk, review patch effectiveness, and identify potential trends in code security. This aggregation helps in building a clearer picture of the threat surface and aids in making informed decisions regarding software procurement, usage, and development. By consolidating these records, the page facilitates deeper analysis of the product’s resilience against known attack vectors.

Vendor: n/a

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7168 | cross-proxy Digest auth state leak | - | - | 2026-05-13 |
| CVE-2026-7009 | OCSP stapling bypass with Apple SecTrust | - | - | 2026-05-13 |
| CVE-2026-6429 | netrc credential leak with reused proxy connection | - | - | 2026-05-13 |
| CVE-2026-6276 | stale custom cookie host causes cookie leak | - | - | 2026-05-13 |
| CVE-2026-6253 | proxy credentials leak over redirect-to proxy | - | - | 2026-05-13 |
| CVE-2026-5773 | wrong reuse of SMB connection | - | - | 2026-05-13 |
| CVE-2026-5545 | wrong reuse of HTTP Negotiate connection | - | - | 2026-05-13 |
| CVE-2026-4873 | connection reuse ignores TLS requirement | - | - | 2026-05-13 |
| CVE-2026-3805 | use after free in SMB connection reuse | 9.1 | - | 2026-03-11 |
| CVE-2026-3784 | wrong proxy connection reuse with credentials | 7.5 | - | 2026-03-11 |
| CVE-2026-3783 | token leak with redirect and netrc | 6.5 | - | 2026-03-11 |
| CVE-2026-1965 | bad reuse of HTTP Negotiate connection | 7.7 | - | 2026-03-11 |
| CVE-2025-11563 | wcurl path traversal with percent-encoded slashes | 9.1 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2025-15224 | libssh key passphrase bypass without agent set | 9.8 | - | 2026-01-08 |
| CVE-2025-15079 | libssh global known_hosts override | 7.5 | - | 2026-01-08 |
| CVE-2025-14819 | OpenSSL partial chain store policy bypass | 8.2 | - | 2026-01-08 |
| CVE-2025-14524 | bearer token leak on cross-protocol redirect | 4.3 | - | 2026-01-08 |
| CVE-2025-14017 | broken TLS options for threaded LDAPS | 4.3 | - | 2026-01-08 |
| CVE-2025-13034 | No QUIC certificate pinning with GnuTLS | 7.5 | - | 2026-01-08 |
| CVE-2025-10966 | missing SFTP host verification with wolfSSH | 7.4 | - | 2025-11-07 |
| CVE-2025-10148 | predictable WebSocket mask | 7.1 | - | 2025-09-12 |
| CVE-2025-9086 | Out of bounds read for cookie path | 8.1 | - | 2025-09-12 |
| CVE-2025-5399 | WebSocket endless loop | 7.5 (AI) | High (AI) | 2025-06-07 |
| CVE-2025-5025 | No QUIC certificate pinning with wolfSSL | 6.5 (AI) | Medium (AI) | 2025-05-28 |
| CVE-2025-4947 | QUIC certificate check skip with wolfSSL | 7.4 (AI) | High (AI) | 2025-05-28 |
| CVE-2025-0725 | gzip integer overflow | 8.8 | - | 2025-02-05 |
| CVE-2025-0665 | eventfd double close | 7.1 | - | 2025-02-05 |
| CVE-2025-0167 | netrc and default credential leak | 5.9 | - | 2025-02-05 |
| CVE-2024-11053 | netrc and redirect credential leak | 6.5 | - | 2024-12-11 |
| CVE-2024-9681 | HSTS subdomain overwrites parent cache entry | 5.9 (AI) | Medium (AI) | 2024-11-06 |

All 71 known CVE vulnerabilities affecting curl with full Chinese analysis, references, and POCs where available.