Vulnerability in Curl

CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to…

EPSS: 0.001 (22.2th percentile) — read the EPSS interpretation.

Affected products

  • Curl — versions 8.18.0, 8.17.0, 8.16.0

References