Vulnerability in Curl

CVE-2026-8926

When asking curl to use a `.netrc` file to find credentials and at the same time specifying a URL with a username(without a password), like `https://user@example.com/`, curl could wrongly get and use the password for *another* user set in…

Affected products

  • Curl — versions 8.20.0, 8.19.0, 8.18.0

References