Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    439 vulnerabilities by haxx

    CVE-2026-9547 (GCVE-0-2026-9547)

    Vulnerability from nvd – Published: 2026-07-03 06:18 – Updated: 2026-07-06 16:48
    VLAI
    Title
    SSH improper host validation
    Summary
    When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for that host in the `known_hosts` file. Instead of rejecting the mismatch, the callback mechanism fails to properly enforce the restriction, allowing the connection to succeed without warning and risking a potential man-in-the-middle attack.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Create a notification for this product.
    Credits
    Joshua Rogers (Aisle Research) Joshua Rogers (Aisle Research)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9547",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:47:32.456534Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:48:14.469Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3751712"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joshua Rogers (Aisle Research)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Joshua Rogers (Aisle Research)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When a libcurl-based application performs transfers via `SCP://` or `SFTP://`\nand utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an\nuntrusted server. This vulnerability occurs when a server presents a host key\ntype that does not match the specific key type already recorded for that host\nin the `known_hosts` file. Instead of rejecting the mismatch, the callback\nmechanism fails to properly enforce the restriction, allowing the connection\nto succeed without warning and risking a potential man-in-the-middle attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:18:44.499Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-9547.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-9547.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3751712"
            }
          ],
          "title": "SSH improper host validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-9547",
        "datePublished": "2026-07-03T06:18:44.499Z",
        "dateReserved": "2026-05-26T06:45:27.665Z",
        "dateUpdated": "2026-07-06T16:48:14.469Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9546 (GCVE-0-2026-9546)

    Vulnerability from nvd – Published: 2026-07-03 06:18 – Updated: 2026-07-06 16:51
    VLAI
    Title
    sending old referer
    Summary
    A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation states that passing NULL to `CURLOPT_REFERER` suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously reused and sent in subsequent requests, potentially leaking sensitive information to unintended servers.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Create a notification for this product.
    Credits
    renjian on hackerone Daniel Stenberg
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9546",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:51:06.094113Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:51:49.410Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3754343"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "renjian on hackerone"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in libcurl caused the HTTP `Referer:` header to persist even\nwhen explicitly cleared. While the documentation states that passing NULL to\n`CURLOPT_REFERER` suppresses the header, the option failed to clear the\ninternal state. As a result the previous referrer string was erroneously\nreused and sent in subsequent requests, potentially leaking sensitive\ninformation to unintended servers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:18:14.447Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-9546.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-9546.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3754343"
            }
          ],
          "title": "sending old referer"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-9546",
        "datePublished": "2026-07-03T06:18:14.447Z",
        "dateReserved": "2026-05-26T06:45:18.723Z",
        "dateUpdated": "2026-07-06T16:51:49.410Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9545 (GCVE-0-2026-9545)

    Vulnerability from nvd – Published: 2026-07-03 06:17 – Updated: 2026-07-06 16:53
    VLAI
    Title
    exposing HTTP/3 early data
    Summary
    In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL session (`CURLOPT_SSL_SESSIONID_CACHE` is not disabled) and early data enabled (the `CURLSSLOPT_EARLYDATA` bit is set in `CURLOPT_SSL_OPTIONS`), libcurl might send off the second request's bytes on that new connection *before* enforcing the certificate verification failure. Potentially leaking sensitive information.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Create a notification for this product.
    Credits
    Eunsoo Kim (Autonomous Code Security team at Microsoft) Stefan Eissing
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9545",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:52:42.898546Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:53:23.396Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3752888"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Eunsoo Kim (Autonomous Code Security team at Microsoft)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In this scenario, libcurl first uses a proper HTTP/3 server for the initial\ntransfers, and when it makes a second transfer to the same site it has been\nreplaced by the attacker\u0027s impostor machine - without a valid certificate.\n\nWhen libcurl returns to the hostname the second time with a cached SSL session\n(`CURLOPT_SSL_SESSIONID_CACHE` is not disabled) and early data enabled (the\n`CURLSSLOPT_EARLYDATA` bit is set in `CURLOPT_SSL_OPTIONS`), libcurl might\nsend off the second request\u0027s bytes on that new connection *before* enforcing\nthe certificate verification failure. Potentially leaking sensitive\ninformation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:17:55.931Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-9545.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-9545.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3752888"
            }
          ],
          "title": "exposing HTTP/3 early data"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-9545",
        "datePublished": "2026-07-03T06:17:55.931Z",
        "dateReserved": "2026-05-26T06:45:08.680Z",
        "dateUpdated": "2026-07-06T16:53:23.396Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9080 (GCVE-0-2026-9080)

    Vulnerability from nvd – Published: 2026-07-03 06:17 – Updated: 2026-07-06 16:55
    VLAI
    Title
    UAF after pause in socket callback
    Summary
    Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Create a notification for this product.
    Credits
    Joshua Rogers (Aisle Research) Daniel Stenberg
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9080",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:54:41.919630Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:55:16.890Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3749204"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joshua Rogers (Aisle Research)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION`\ncallback triggers a use-after-free vulnerability, where libcurl attempts to\nstore a flag using a dangling struct pointer immediately after that pointer\u0027s\nmemory has been freed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-416 Use After Free",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:17:34.905Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-9080.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-9080.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3749204"
            }
          ],
          "title": "UAF after pause in socket callback"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-9080",
        "datePublished": "2026-07-03T06:17:34.905Z",
        "dateReserved": "2026-05-20T12:59:50.588Z",
        "dateUpdated": "2026-07-06T16:55:16.890Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9079 (GCVE-0-2026-9079)

    Vulnerability from nvd – Published: 2026-07-03 06:16 – Updated: 2026-07-06 16:49
    VLAI
    Title
    stale proxy password leak
    Summary
    libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Create a notification for this product.
    Credits
    Guancheng Li Daniel Stenberg
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9079",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:49:15.639683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:49:56.248Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3750295"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Guancheng Li"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "libcurl had a flaw that when instructed to clear proxy authentication\ncredentials which made it not do so, leaving the old credentials around to get\nused for subsequent transfers that should not know nor use them."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:16:51.127Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-9079.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-9079.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3750295"
            }
          ],
          "title": "stale proxy password leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-9079",
        "datePublished": "2026-07-03T06:16:51.127Z",
        "dateReserved": "2026-05-20T12:59:41.444Z",
        "dateUpdated": "2026-07-06T16:49:56.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8932 (GCVE-0-2026-8932)

    Vulnerability from nvd – Published: 2026-07-03 06:16 – Updated: 2026-07-06 16:59
    VLAI
    Title
    incomplete mTLS config matching in conn reuse
    Summary
    libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS settings related to client certificates were left out from the configuration match checks, making them match too easily. In particular options related to the private key.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Affected: 7.14.0 , ≤ 7.14.0 (semver)
    Affected: 7.13.2 , ≤ 7.13.2 (semver)
    Affected: 7.13.1 , ≤ 7.13.1 (semver)
    Affected: 7.13.0 , ≤ 7.13.0 (semver)
    Affected: 7.12.3 , ≤ 7.12.3 (semver)
    Affected: 7.12.2 , ≤ 7.12.2 (semver)
    Affected: 7.12.1 , ≤ 7.12.1 (semver)
    Affected: 7.12.0 , ≤ 7.12.0 (semver)
    Affected: 7.11.2 , ≤ 7.11.2 (semver)
    Affected: 7.11.1 , ≤ 7.11.1 (semver)
    Affected: 7.11.0 , ≤ 7.11.0 (semver)
    Affected: 7.10.8 , ≤ 7.10.8 (semver)
    Affected: 7.10.7 , ≤ 7.10.7 (semver)
    Affected: 7.10.6 , ≤ 7.10.6 (semver)
    Affected: 7.10.5 , ≤ 7.10.5 (semver)
    Affected: 7.10.4 , ≤ 7.10.4 (semver)
    Affected: 7.10.3 , ≤ 7.10.3 (semver)
    Affected: 7.10.2 , ≤ 7.10.2 (semver)
    Affected: 7.10.1 , ≤ 7.10.1 (semver)
    Affected: 7.10 , ≤ 7.10 (semver)
    Affected: 7.9.8 , ≤ 7.9.8 (semver)
    Affected: 7.9.7 , ≤ 7.9.7 (semver)
    Affected: 7.9.6 , ≤ 7.9.6 (semver)
    Affected: 7.9.5 , ≤ 7.9.5 (semver)
    Affected: 7.9.4 , ≤ 7.9.4 (semver)
    Affected: 7.9.3 , ≤ 7.9.3 (semver)
    Affected: 7.9.2 , ≤ 7.9.2 (semver)
    Affected: 7.9.1 , ≤ 7.9.1 (semver)
    Affected: 7.9 , ≤ 7.9 (semver)
    Affected: 7.8.1 , ≤ 7.8.1 (semver)
    Affected: 7.8 , ≤ 7.8 (semver)
    Affected: 7.7.3 , ≤ 7.7.3 (semver)
    Affected: 7.7.2 , ≤ 7.7.2 (semver)
    Affected: 7.7.1 , ≤ 7.7.1 (semver)
    Affected: 7.7 , ≤ 7.7 (semver)
    Create a notification for this product.
    Credits
    Joshua Rogers (Aisle Research) Joshua Rogers (Aisle Research)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8932",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:58:28.124167Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:59:07.104Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3733910"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.0",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.2",
                  "status": "affected",
                  "version": "7.13.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.1",
                  "status": "affected",
                  "version": "7.13.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.0",
                  "status": "affected",
                  "version": "7.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.3",
                  "status": "affected",
                  "version": "7.12.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.2",
                  "status": "affected",
                  "version": "7.12.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.1",
                  "status": "affected",
                  "version": "7.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.0",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.2",
                  "status": "affected",
                  "version": "7.11.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.1",
                  "status": "affected",
                  "version": "7.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.0",
                  "status": "affected",
                  "version": "7.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.8",
                  "status": "affected",
                  "version": "7.10.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.7",
                  "status": "affected",
                  "version": "7.10.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.6",
                  "status": "affected",
                  "version": "7.10.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.5",
                  "status": "affected",
                  "version": "7.10.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.4",
                  "status": "affected",
                  "version": "7.10.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.3",
                  "status": "affected",
                  "version": "7.10.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.2",
                  "status": "affected",
                  "version": "7.10.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.1",
                  "status": "affected",
                  "version": "7.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10",
                  "status": "affected",
                  "version": "7.10",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.8",
                  "status": "affected",
                  "version": "7.9.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.7",
                  "status": "affected",
                  "version": "7.9.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.6",
                  "status": "affected",
                  "version": "7.9.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.5",
                  "status": "affected",
                  "version": "7.9.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.4",
                  "status": "affected",
                  "version": "7.9.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.3",
                  "status": "affected",
                  "version": "7.9.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.2",
                  "status": "affected",
                  "version": "7.9.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.1",
                  "status": "affected",
                  "version": "7.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9",
                  "status": "affected",
                  "version": "7.9",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.8.1",
                  "status": "affected",
                  "version": "7.8.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.8",
                  "status": "affected",
                  "version": "7.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.3",
                  "status": "affected",
                  "version": "7.7.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.2",
                  "status": "affected",
                  "version": "7.7.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.1",
                  "status": "affected",
                  "version": "7.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7",
                  "status": "affected",
                  "version": "7.7",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joshua Rogers (Aisle Research)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Joshua Rogers (Aisle Research)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "libcurl would reuse a previously created connection even when some mTLS config\nrelated option had been changed that should have prohibited reuse.\n\nlibcurl keeps previously used connections in a connection pool for subsequent\ntransfers to reuse if one of them matches the setup. However, some TLS\nsettings related to client certificates were left out from the configuration\nmatch checks, making them match too easily. In particular options related to\nthe private key."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-305 Authentication Bypass by Primary Weakness",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:16:30.485Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-8932.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-8932.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3733910"
            }
          ],
          "title": "incomplete mTLS config matching in conn reuse"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-8932",
        "datePublished": "2026-07-03T06:16:30.485Z",
        "dateReserved": "2026-05-19T08:56:58.825Z",
        "dateUpdated": "2026-07-06T16:59:07.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8927 (GCVE-0-2026-8927)

    Vulnerability from nvd – Published: 2026-07-03 06:16 – Updated: 2026-07-06 17:01
    VLAI
    Title
    env-set cross-proxy Digest auth state leak
    Summary
    When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against `proxyA` using Digest auth, a subsequent transfer routed through `proxyB` erroneously leaks the `Proxy-Authorization:` header intended solely for `proxyA`.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Affected: 7.14.0 , ≤ 7.14.0 (semver)
    Affected: 7.13.2 , ≤ 7.13.2 (semver)
    Affected: 7.13.1 , ≤ 7.13.1 (semver)
    Affected: 7.13.0 , ≤ 7.13.0 (semver)
    Affected: 7.12.3 , ≤ 7.12.3 (semver)
    Affected: 7.12.2 , ≤ 7.12.2 (semver)
    Affected: 7.12.1 , ≤ 7.12.1 (semver)
    Affected: 7.12.0 , ≤ 7.12.0 (semver)
    Create a notification for this product.
    Credits
    Ady Elouej Daniel Stenberg
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8927",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T17:00:13.489405Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T17:01:06.213Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3744543"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.0",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.2",
                  "status": "affected",
                  "version": "7.13.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.1",
                  "status": "affected",
                  "version": "7.13.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.0",
                  "status": "affected",
                  "version": "7.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.3",
                  "status": "affected",
                  "version": "7.12.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.2",
                  "status": "affected",
                  "version": "7.12.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.1",
                  "status": "affected",
                  "version": "7.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.0",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ady Elouej"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When reusing a libcurl handle for sequential transfers driven by\nenvironment-variable proxy configuration, libcurl fails to clear the proxy\nauthentication state between requests. Specifically, if the initial transfer\nauthenticates against `proxyA` using Digest auth, a subsequent transfer routed\nthrough `proxyB` erroneously leaks the `Proxy-Authorization:` header intended\nsolely for `proxyA`."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-294 Authentication Bypass by Capture-replay",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:16:06.376Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-8927.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-8927.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3744543"
            }
          ],
          "title": "env-set cross-proxy Digest auth state leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-8927",
        "datePublished": "2026-07-03T06:16:06.376Z",
        "dateReserved": "2026-05-19T08:12:08.842Z",
        "dateUpdated": "2026-07-06T17:01:06.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8926 (GCVE-0-2026-8926)

    Vulnerability from nvd – Published: 2026-07-03 06:15 – Updated: 2026-07-06 17:02
    VLAI
    Title
    password leak with netrc and user in URL
    Summary
    When asking curl to use a `.netrc` file to find credentials and at the same time specifying a URL with a username(without a password), like `https://user@example.com/`, curl could wrongly get and use the password for *another* user set in the `.netrc` file for that host if such a one exists and there is no match for the specified user.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Create a notification for this product.
    Credits
    Joshua Rogers (Aisle Research) Stefan Eissing
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8926",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T17:01:57.524535Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T17:02:33.061Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3735184"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joshua Rogers (Aisle Research)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When asking curl to use a `.netrc` file to find credentials and at the same\ntime specifying a URL with a username(without a password), like\n`https://user@example.com/`, curl could wrongly get and use the password for\n*another* user set in the `.netrc` file for that host if such a one exists and\nthere is no match for the specified user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:15:45.735Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-8926.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-8926.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3735184"
            }
          ],
          "title": "password leak with netrc and user in URL"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-8926",
        "datePublished": "2026-07-03T06:15:45.735Z",
        "dateReserved": "2026-05-19T08:11:58.393Z",
        "dateUpdated": "2026-07-06T17:02:33.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8925 (GCVE-0-2026-8925)

    Vulnerability from nvd – Published: 2026-07-03 06:15 – Updated: 2026-07-06 17:04
    VLAI
    Title
    SASL double-free
    Summary
    The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it `free()` the same pointer twice.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Create a notification for this product.
    Credits
    Joshua Rogers (Aisle Research) Viktor Szakats
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8925",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T17:03:39.068747Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T17:04:15.411Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3735193"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joshua Rogers (Aisle Research)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Viktor Szakats"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The curl logic that works with SASL authentication could end up cleaning up\nthe GSASL context *twice* without clearing the pointer in between, making it\n`free()` the same pointer twice."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-415 Double Free",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:15:25.448Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-8925.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-8925.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3735193"
            }
          ],
          "title": "SASL double-free"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-8925",
        "datePublished": "2026-07-03T06:15:25.448Z",
        "dateReserved": "2026-05-19T08:11:49.032Z",
        "dateUpdated": "2026-07-06T17:04:15.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8924 (GCVE-0-2026-8924)

    Vulnerability from nvd – Published: 2026-07-03 06:15 – Updated: 2026-07-06 16:57
    VLAI
    Title
    trailing dot domain super cookie
    Summary
    A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Create a notification for this product.
    Credits
    vegagent on hackerone Daniel Stenberg
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8924",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:56:31.860200Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:57:16.362Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3733905"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "vegagent on hackerone"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw in curl\u2019s cookie parsing logic allows a malicious HTTP server to set\n\u0027super cookies\u0027 that bypass the Public Suffix List check. This enables an\nattacker-controlled origin to inject cookies that curl subsequently scopes and\ntransmits to unrelated third-party domains."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-201 Information Exposure Through Sent Data",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:15:04.646Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-8924.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-8924.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3733905"
            }
          ],
          "title": "trailing dot domain super cookie"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-8924",
        "datePublished": "2026-07-03T06:15:04.646Z",
        "dateReserved": "2026-05-19T08:11:35.441Z",
        "dateUpdated": "2026-07-06T16:57:16.362Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8458 (GCVE-0-2026-8458)

    Vulnerability from nvd – Published: 2026-07-03 06:14 – Updated: 2026-07-06 17:32
    VLAI
    Title
    wrong reuse for different services
    Summary
    libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different services.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Create a notification for this product.
    Credits
    Muhamad Arga Reksapati Stefan Eissing
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8458",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T17:31:14.007899Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T17:32:06.018Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3721183"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Muhamad Arga Reksapati"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "libcurl might in some circumstances reuse the wrong connection when asked to\ndo Negotiate-authenticated ones, even when they are set to use different\n\u0027services\u0027.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different services."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-488 Exposure of Data Element to Wrong Session",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:14:42.258Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-8458.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-8458.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3721183"
            }
          ],
          "title": "wrong reuse for different services"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-8458",
        "datePublished": "2026-07-03T06:14:42.258Z",
        "dateReserved": "2026-05-13T08:33:36.632Z",
        "dateUpdated": "2026-07-06T17:32:06.018Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8286 (GCVE-0-2026-8286)

    Vulnerability from nvd – Published: 2026-07-03 06:14 – Updated: 2026-07-06 17:33
    VLAI
    Title
    wrong STARTTLS connection reuse
    Summary
    A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Create a notification for this product.
    Credits
    Andrew Nesbitt (powered by Mythos) Stefan Eissing
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8286",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T17:33:16.174641Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T17:33:50.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3718195"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Andrew Nesbitt (powered by Mythos)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability exists where a new transfer that uses STARTTLS to upgrade the\nconnection might reuse an existing live connection even though the TLS\nconfiguration mismatches so it should not."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:14:17.541Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-8286.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-8286.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3718195"
            }
          ],
          "title": "wrong STARTTLS connection reuse"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-8286",
        "datePublished": "2026-07-03T06:14:17.541Z",
        "dateReserved": "2026-05-11T07:06:37.906Z",
        "dateUpdated": "2026-07-06T17:33:50.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12064 (GCVE-0-2026-12064)

    Vulnerability from nvd – Published: 2026-07-03 06:13 – Updated: 2026-07-06 18:21
    VLAI
    Title
    proto-default skips SSH verification
    Summary
    When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer and libcurl. The tool layer incorrectly infers the URL scheme, which erroneously bypasses the initialization of critical SSH security options like CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS. Conversely, the libcurl runtime successfully honors CURLOPT_DEFAULT_PROTOCOL and establishes the connection via SFTP/SCP as specified. Because the tool layer skipped the security configuration, these SSH host verification options are silently omitted, causing curl to connect to an unverified SSH remote host without throwing an error.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Create a notification for this product.
    Credits
    alienowo on hackerone (AntAISecurityLab) Daniel Stenberg
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12064",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:19:34.951461Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T18:21:00.665Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3797526"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "alienowo on hackerone (AntAISecurityLab)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When a user invokes curl using a schemeless URL combined with\n`--proto-default` sftp (or scp), a disconnect occurs between the tool layer\nand libcurl. The tool layer incorrectly infers the URL scheme, which\nerroneously bypasses the initialization of critical SSH security options like\nCURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 and CURLOPT_SSH_KNOWNHOSTS. Conversely, the\nlibcurl runtime successfully honors CURLOPT_DEFAULT_PROTOCOL and establishes\nthe connection via SFTP/SCP as specified. Because the tool layer skipped the\nsecurity configuration, these SSH host verification options are silently\nomitted, causing curl to connect to an unverified SSH remote host without\nthrowing an error."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:13:55.302Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-12064.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-12064.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3797526"
            }
          ],
          "title": "proto-default skips SSH verification"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-12064",
        "datePublished": "2026-07-03T06:13:55.302Z",
        "dateReserved": "2026-06-12T07:23:29.455Z",
        "dateUpdated": "2026-07-06T18:21:00.665Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11856 (GCVE-0-2026-11856)

    Vulnerability from nvd – Published: 2026-07-03 06:13 – Updated: 2026-07-06 18:23
    VLAI
    Title
    cross-origin Digest auth state leak
    Summary
    Successfully using libcurl to do a transfer to a specific HTTP origin (`hostA`) with **Digest** authentication and then changing the origin to a different one (`hostB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Authorization:` header field meant for `hostA`, to `hostB`.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Affected: 7.14.0 , ≤ 7.14.0 (semver)
    Affected: 7.13.2 , ≤ 7.13.2 (semver)
    Affected: 7.13.1 , ≤ 7.13.1 (semver)
    Affected: 7.13.0 , ≤ 7.13.0 (semver)
    Affected: 7.12.3 , ≤ 7.12.3 (semver)
    Affected: 7.12.2 , ≤ 7.12.2 (semver)
    Affected: 7.12.1 , ≤ 7.12.1 (semver)
    Affected: 7.12.0 , ≤ 7.12.0 (semver)
    Affected: 7.11.2 , ≤ 7.11.2 (semver)
    Affected: 7.11.1 , ≤ 7.11.1 (semver)
    Affected: 7.11.0 , ≤ 7.11.0 (semver)
    Affected: 7.10.8 , ≤ 7.10.8 (semver)
    Affected: 7.10.7 , ≤ 7.10.7 (semver)
    Affected: 7.10.6 , ≤ 7.10.6 (semver)
    Create a notification for this product.
    Credits
    jjchuck on hackerone Daniel Stenberg
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11856",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:22:46.260282Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T18:23:52.111Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3793260"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.0",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.2",
                  "status": "affected",
                  "version": "7.13.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.1",
                  "status": "affected",
                  "version": "7.13.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.0",
                  "status": "affected",
                  "version": "7.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.3",
                  "status": "affected",
                  "version": "7.12.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.2",
                  "status": "affected",
                  "version": "7.12.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.1",
                  "status": "affected",
                  "version": "7.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.0",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.2",
                  "status": "affected",
                  "version": "7.11.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.1",
                  "status": "affected",
                  "version": "7.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.0",
                  "status": "affected",
                  "version": "7.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.8",
                  "status": "affected",
                  "version": "7.10.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.7",
                  "status": "affected",
                  "version": "7.10.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.6",
                  "status": "affected",
                  "version": "7.10.6",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "jjchuck on hackerone"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Successfully using libcurl to do a transfer to a specific HTTP origin\n(`hostA`) with **Digest** authentication and then changing the origin to a\ndifferent one (`hostB`) for a second transfer, reusing the same handle, makes\nlibcurl wrongly pass on the  `Authorization:` header field meant for `hostA`,\nto `hostB`."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-294 Authentication Bypass by Capture-replay",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:13:31.661Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-11856.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-11856.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3793260"
            }
          ],
          "title": "cross-origin Digest auth state leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-11856",
        "datePublished": "2026-07-03T06:13:31.661Z",
        "dateReserved": "2026-06-10T08:59:16.646Z",
        "dateUpdated": "2026-07-06T18:23:52.111Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11586 (GCVE-0-2026-11586)

    Vulnerability from nvd – Published: 2026-07-03 06:13 – Updated: 2026-07-06 15:16
    VLAI
    Title
    WS Auto-PONG memory exhaustion
    Summary
    By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Create a notification for this product.
    Credits
    evergarden1123 on hackerone (AntAISecurityLab) Stefan Eissing
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11586",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T15:16:22.568075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T15:16:27.052Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "evergarden1123 on hackerone (AntAISecurityLab)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "By default, curl automatically responds to WebSocket PING frames. Because curl\nlacks an upper bound on memory allocation for unacknowledged frames, a\nmalicious server can exhaust all available memory by flooding curl with rapid,\nsequential PING messages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:13:04.448Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-11586.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-11586.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3788931"
            }
          ],
          "title": "WS Auto-PONG memory exhaustion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-11586",
        "datePublished": "2026-07-03T06:13:04.448Z",
        "dateReserved": "2026-06-08T12:17:42.037Z",
        "dateUpdated": "2026-07-06T15:16:27.052Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11564 (GCVE-0-2026-11564)

    Vulnerability from nvd – Published: 2026-07-03 06:12 – Updated: 2026-07-06 17:10
    VLAI
    Title
    Native CA trust persist
    Summary
    libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA material for a later transfer.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Create a notification for this product.
    Credits
    Filipe Casal of Trail of Bits in collaboration with OpenAI Stefan Eissing
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11564",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T17:09:36.356822Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T17:10:33.352Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3788984"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Filipe Casal of Trail of Bits in collaboration with OpenAI"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "libcurl keeps previously used connections in a connection pool for subsequent\ntransfers to reuse if one of them matches the setup.\n\nAn easy handle that first uses default native CA trust can continue trusting\nthe native platform store after the application switches that same handle to\ncustom CA material for a later transfer."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:12:35.251Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-11564.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-11564.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3788984"
            }
          ],
          "title": "Native CA trust persist"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-11564",
        "datePublished": "2026-07-03T06:12:35.251Z",
        "dateReserved": "2026-06-08T08:22:50.089Z",
        "dateUpdated": "2026-07-06T17:10:33.352Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11352 (GCVE-0-2026-11352)

    Vulnerability from nvd – Published: 2026-07-03 06:12 – Updated: 2026-07-06 18:27
    VLAI
    Title
    QUIC zero-length UDP datagrams busy-loop
    Summary
    An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can continuously stream empty datagrams to indefinitely stall the client.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Create a notification for this product.
    Credits
    vectorqueue on hackerone (AntAISecurityLab) Stefan Eissing
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11352",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:26:03.249042Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T18:27:49.432Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3783438"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "vectorqueue on hackerone (AntAISecurityLab)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue in curl\u2019s QUIC UDP receive function allows a malicious HTTP/3 server\nto trigger a remote denial of service against a curl or libcurl client.\nBecause the helper function discards zero-length UDP datagrams before counting\nthem toward the per-call packet budget, a connected QUIC peer can continuously\nstream empty datagrams to indefinitely stall the client."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:12:10.777Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-11352.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-11352.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3783438"
            }
          ],
          "title": "QUIC zero-length UDP datagrams busy-loop"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-11352",
        "datePublished": "2026-07-03T06:12:10.777Z",
        "dateReserved": "2026-06-05T11:23:43.389Z",
        "dateUpdated": "2026-07-06T18:27:49.432Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-10536 (GCVE-0-2026-10536)

    Vulnerability from nvd – Published: 2026-07-03 06:11 – Updated: 2026-07-06 18:29
    VLAI
    Title
    HTTP/2 stream-dependency tree UAF
    Summary
    A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and finally terminates the handle with `curl_easy_cleanup()`. During this final cleanup phase, libcurl attempts to access and modify an internal structure that was already freed during the reset operation.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Create a notification for this product.
    Credits
    Joshua Rogers (Aisle Research) Stefan Eissing
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-10536",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:28:36.822614Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T18:29:27.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3751697"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joshua Rogers (Aisle Research)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free vulnerability exists in libcurl when an application\nconfigures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or\n`CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and\nfinally terminates the handle with `curl_easy_cleanup()`. During this final\ncleanup phase, libcurl attempts to access and modify an internal structure\nthat was already freed during the reset operation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-416 Use After Free",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:11:15.378Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-10536.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-10536.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3751697"
            }
          ],
          "title": "HTTP/2 stream-dependency tree UAF"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-10536",
        "datePublished": "2026-07-03T06:11:15.378Z",
        "dateReserved": "2026-06-01T11:49:55.548Z",
        "dateUpdated": "2026-07-06T18:29:27.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9547 (GCVE-0-2026-9547)

    Vulnerability from cvelistv5 – Published: 2026-07-03 06:18 – Updated: 2026-07-06 16:48
    VLAI
    Title
    SSH improper host validation
    Summary
    When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an untrusted server. This vulnerability occurs when a server presents a host key type that does not match the specific key type already recorded for that host in the `known_hosts` file. Instead of rejecting the mismatch, the callback mechanism fails to properly enforce the restriction, allowing the connection to succeed without warning and risking a potential man-in-the-middle attack.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Create a notification for this product.
    Credits
    Joshua Rogers (Aisle Research) Joshua Rogers (Aisle Research)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.4,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9547",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:47:32.456534Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:48:14.469Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3751712"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joshua Rogers (Aisle Research)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Joshua Rogers (Aisle Research)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When a libcurl-based application performs transfers via `SCP://` or `SFTP://`\nand utilizes the `CURLOPT_SSH_KEYFUNCTION` callback, it may silently accept an\nuntrusted server. This vulnerability occurs when a server presents a host key\ntype that does not match the specific key type already recorded for that host\nin the `known_hosts` file. Instead of rejecting the mismatch, the callback\nmechanism fails to properly enforce the restriction, allowing the connection\nto succeed without warning and risking a potential man-in-the-middle attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-297 Improper Validation of Certificate with Host Mismatch",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:18:44.499Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-9547.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-9547.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3751712"
            }
          ],
          "title": "SSH improper host validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-9547",
        "datePublished": "2026-07-03T06:18:44.499Z",
        "dateReserved": "2026-05-26T06:45:27.665Z",
        "dateUpdated": "2026-07-06T16:48:14.469Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9546 (GCVE-0-2026-9546)

    Vulnerability from cvelistv5 – Published: 2026-07-03 06:18 – Updated: 2026-07-06 16:51
    VLAI
    Title
    sending old referer
    Summary
    A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation states that passing NULL to `CURLOPT_REFERER` suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously reused and sent in subsequent requests, potentially leaking sensitive information to unintended servers.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Create a notification for this product.
    Credits
    renjian on hackerone Daniel Stenberg
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9546",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:51:06.094113Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:51:49.410Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3754343"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "renjian on hackerone"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in libcurl caused the HTTP `Referer:` header to persist even\nwhen explicitly cleared. While the documentation states that passing NULL to\n`CURLOPT_REFERER` suppresses the header, the option failed to clear the\ninternal state. As a result the previous referrer string was erroneously\nreused and sent in subsequent requests, potentially leaking sensitive\ninformation to unintended servers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:18:14.447Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-9546.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-9546.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3754343"
            }
          ],
          "title": "sending old referer"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-9546",
        "datePublished": "2026-07-03T06:18:14.447Z",
        "dateReserved": "2026-05-26T06:45:18.723Z",
        "dateUpdated": "2026-07-06T16:51:49.410Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9545 (GCVE-0-2026-9545)

    Vulnerability from cvelistv5 – Published: 2026-07-03 06:17 – Updated: 2026-07-06 16:53
    VLAI
    Title
    exposing HTTP/3 early data
    Summary
    In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL session (`CURLOPT_SSL_SESSIONID_CACHE` is not disabled) and early data enabled (the `CURLSSLOPT_EARLYDATA` bit is set in `CURLOPT_SSL_OPTIONS`), libcurl might send off the second request's bytes on that new connection *before* enforcing the certificate verification failure. Potentially leaking sensitive information.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Create a notification for this product.
    Credits
    Eunsoo Kim (Autonomous Code Security team at Microsoft) Stefan Eissing
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9545",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:52:42.898546Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:53:23.396Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3752888"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Eunsoo Kim (Autonomous Code Security team at Microsoft)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In this scenario, libcurl first uses a proper HTTP/3 server for the initial\ntransfers, and when it makes a second transfer to the same site it has been\nreplaced by the attacker\u0027s impostor machine - without a valid certificate.\n\nWhen libcurl returns to the hostname the second time with a cached SSL session\n(`CURLOPT_SSL_SESSIONID_CACHE` is not disabled) and early data enabled (the\n`CURLSSLOPT_EARLYDATA` bit is set in `CURLOPT_SSL_OPTIONS`), libcurl might\nsend off the second request\u0027s bytes on that new connection *before* enforcing\nthe certificate verification failure. Potentially leaking sensitive\ninformation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:17:55.931Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-9545.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-9545.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3752888"
            }
          ],
          "title": "exposing HTTP/3 early data"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-9545",
        "datePublished": "2026-07-03T06:17:55.931Z",
        "dateReserved": "2026-05-26T06:45:08.680Z",
        "dateUpdated": "2026-07-06T16:53:23.396Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9080 (GCVE-0-2026-9080)

    Vulnerability from cvelistv5 – Published: 2026-07-03 06:17 – Updated: 2026-07-06 16:55
    VLAI
    Title
    UAF after pause in socket callback
    Summary
    Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Create a notification for this product.
    Credits
    Joshua Rogers (Aisle Research) Daniel Stenberg
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9080",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:54:41.919630Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:55:16.890Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3749204"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joshua Rogers (Aisle Research)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION`\ncallback triggers a use-after-free vulnerability, where libcurl attempts to\nstore a flag using a dangling struct pointer immediately after that pointer\u0027s\nmemory has been freed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-416 Use After Free",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:17:34.905Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-9080.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-9080.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3749204"
            }
          ],
          "title": "UAF after pause in socket callback"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-9080",
        "datePublished": "2026-07-03T06:17:34.905Z",
        "dateReserved": "2026-05-20T12:59:50.588Z",
        "dateUpdated": "2026-07-06T16:55:16.890Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9079 (GCVE-0-2026-9079)

    Vulnerability from cvelistv5 – Published: 2026-07-03 06:16 – Updated: 2026-07-06 16:49
    VLAI
    Title
    stale proxy password leak
    Summary
    libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Create a notification for this product.
    Credits
    Guancheng Li Daniel Stenberg
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9079",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:49:15.639683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:49:56.248Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3750295"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Guancheng Li"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "libcurl had a flaw that when instructed to clear proxy authentication\ncredentials which made it not do so, leaving the old credentials around to get\nused for subsequent transfers that should not know nor use them."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:16:51.127Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-9079.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-9079.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3750295"
            }
          ],
          "title": "stale proxy password leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-9079",
        "datePublished": "2026-07-03T06:16:51.127Z",
        "dateReserved": "2026-05-20T12:59:41.444Z",
        "dateUpdated": "2026-07-06T16:49:56.248Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8932 (GCVE-0-2026-8932)

    Vulnerability from cvelistv5 – Published: 2026-07-03 06:16 – Updated: 2026-07-06 16:59
    VLAI
    Title
    incomplete mTLS config matching in conn reuse
    Summary
    libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS settings related to client certificates were left out from the configuration match checks, making them match too easily. In particular options related to the private key.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Affected: 7.14.0 , ≤ 7.14.0 (semver)
    Affected: 7.13.2 , ≤ 7.13.2 (semver)
    Affected: 7.13.1 , ≤ 7.13.1 (semver)
    Affected: 7.13.0 , ≤ 7.13.0 (semver)
    Affected: 7.12.3 , ≤ 7.12.3 (semver)
    Affected: 7.12.2 , ≤ 7.12.2 (semver)
    Affected: 7.12.1 , ≤ 7.12.1 (semver)
    Affected: 7.12.0 , ≤ 7.12.0 (semver)
    Affected: 7.11.2 , ≤ 7.11.2 (semver)
    Affected: 7.11.1 , ≤ 7.11.1 (semver)
    Affected: 7.11.0 , ≤ 7.11.0 (semver)
    Affected: 7.10.8 , ≤ 7.10.8 (semver)
    Affected: 7.10.7 , ≤ 7.10.7 (semver)
    Affected: 7.10.6 , ≤ 7.10.6 (semver)
    Affected: 7.10.5 , ≤ 7.10.5 (semver)
    Affected: 7.10.4 , ≤ 7.10.4 (semver)
    Affected: 7.10.3 , ≤ 7.10.3 (semver)
    Affected: 7.10.2 , ≤ 7.10.2 (semver)
    Affected: 7.10.1 , ≤ 7.10.1 (semver)
    Affected: 7.10 , ≤ 7.10 (semver)
    Affected: 7.9.8 , ≤ 7.9.8 (semver)
    Affected: 7.9.7 , ≤ 7.9.7 (semver)
    Affected: 7.9.6 , ≤ 7.9.6 (semver)
    Affected: 7.9.5 , ≤ 7.9.5 (semver)
    Affected: 7.9.4 , ≤ 7.9.4 (semver)
    Affected: 7.9.3 , ≤ 7.9.3 (semver)
    Affected: 7.9.2 , ≤ 7.9.2 (semver)
    Affected: 7.9.1 , ≤ 7.9.1 (semver)
    Affected: 7.9 , ≤ 7.9 (semver)
    Affected: 7.8.1 , ≤ 7.8.1 (semver)
    Affected: 7.8 , ≤ 7.8 (semver)
    Affected: 7.7.3 , ≤ 7.7.3 (semver)
    Affected: 7.7.2 , ≤ 7.7.2 (semver)
    Affected: 7.7.1 , ≤ 7.7.1 (semver)
    Affected: 7.7 , ≤ 7.7 (semver)
    Create a notification for this product.
    Credits
    Joshua Rogers (Aisle Research) Joshua Rogers (Aisle Research)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8932",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:58:28.124167Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:59:07.104Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3733910"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.0",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.2",
                  "status": "affected",
                  "version": "7.13.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.1",
                  "status": "affected",
                  "version": "7.13.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.0",
                  "status": "affected",
                  "version": "7.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.3",
                  "status": "affected",
                  "version": "7.12.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.2",
                  "status": "affected",
                  "version": "7.12.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.1",
                  "status": "affected",
                  "version": "7.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.0",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.2",
                  "status": "affected",
                  "version": "7.11.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.1",
                  "status": "affected",
                  "version": "7.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.11.0",
                  "status": "affected",
                  "version": "7.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.8",
                  "status": "affected",
                  "version": "7.10.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.7",
                  "status": "affected",
                  "version": "7.10.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.6",
                  "status": "affected",
                  "version": "7.10.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.5",
                  "status": "affected",
                  "version": "7.10.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.4",
                  "status": "affected",
                  "version": "7.10.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.3",
                  "status": "affected",
                  "version": "7.10.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.2",
                  "status": "affected",
                  "version": "7.10.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10.1",
                  "status": "affected",
                  "version": "7.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.10",
                  "status": "affected",
                  "version": "7.10",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.8",
                  "status": "affected",
                  "version": "7.9.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.7",
                  "status": "affected",
                  "version": "7.9.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.6",
                  "status": "affected",
                  "version": "7.9.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.5",
                  "status": "affected",
                  "version": "7.9.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.4",
                  "status": "affected",
                  "version": "7.9.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.3",
                  "status": "affected",
                  "version": "7.9.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.2",
                  "status": "affected",
                  "version": "7.9.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9.1",
                  "status": "affected",
                  "version": "7.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.9",
                  "status": "affected",
                  "version": "7.9",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.8.1",
                  "status": "affected",
                  "version": "7.8.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.8",
                  "status": "affected",
                  "version": "7.8",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.3",
                  "status": "affected",
                  "version": "7.7.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.2",
                  "status": "affected",
                  "version": "7.7.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7.1",
                  "status": "affected",
                  "version": "7.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.7",
                  "status": "affected",
                  "version": "7.7",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joshua Rogers (Aisle Research)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Joshua Rogers (Aisle Research)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "libcurl would reuse a previously created connection even when some mTLS config\nrelated option had been changed that should have prohibited reuse.\n\nlibcurl keeps previously used connections in a connection pool for subsequent\ntransfers to reuse if one of them matches the setup. However, some TLS\nsettings related to client certificates were left out from the configuration\nmatch checks, making them match too easily. In particular options related to\nthe private key."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-305 Authentication Bypass by Primary Weakness",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:16:30.485Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-8932.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-8932.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3733910"
            }
          ],
          "title": "incomplete mTLS config matching in conn reuse"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-8932",
        "datePublished": "2026-07-03T06:16:30.485Z",
        "dateReserved": "2026-05-19T08:56:58.825Z",
        "dateUpdated": "2026-07-06T16:59:07.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8927 (GCVE-0-2026-8927)

    Vulnerability from cvelistv5 – Published: 2026-07-03 06:16 – Updated: 2026-07-06 17:01
    VLAI
    Title
    env-set cross-proxy Digest auth state leak
    Summary
    When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against `proxyA` using Digest auth, a subsequent transfer routed through `proxyB` erroneously leaks the `Proxy-Authorization:` header intended solely for `proxyA`.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Affected: 7.29.0 , ≤ 7.29.0 (semver)
    Affected: 7.28.1 , ≤ 7.28.1 (semver)
    Affected: 7.28.0 , ≤ 7.28.0 (semver)
    Affected: 7.27.0 , ≤ 7.27.0 (semver)
    Affected: 7.26.0 , ≤ 7.26.0 (semver)
    Affected: 7.25.0 , ≤ 7.25.0 (semver)
    Affected: 7.24.0 , ≤ 7.24.0 (semver)
    Affected: 7.23.1 , ≤ 7.23.1 (semver)
    Affected: 7.23.0 , ≤ 7.23.0 (semver)
    Affected: 7.22.0 , ≤ 7.22.0 (semver)
    Affected: 7.21.7 , ≤ 7.21.7 (semver)
    Affected: 7.21.6 , ≤ 7.21.6 (semver)
    Affected: 7.21.5 , ≤ 7.21.5 (semver)
    Affected: 7.21.4 , ≤ 7.21.4 (semver)
    Affected: 7.21.3 , ≤ 7.21.3 (semver)
    Affected: 7.21.2 , ≤ 7.21.2 (semver)
    Affected: 7.21.1 , ≤ 7.21.1 (semver)
    Affected: 7.21.0 , ≤ 7.21.0 (semver)
    Affected: 7.20.1 , ≤ 7.20.1 (semver)
    Affected: 7.20.0 , ≤ 7.20.0 (semver)
    Affected: 7.19.7 , ≤ 7.19.7 (semver)
    Affected: 7.19.6 , ≤ 7.19.6 (semver)
    Affected: 7.19.5 , ≤ 7.19.5 (semver)
    Affected: 7.19.4 , ≤ 7.19.4 (semver)
    Affected: 7.19.3 , ≤ 7.19.3 (semver)
    Affected: 7.19.2 , ≤ 7.19.2 (semver)
    Affected: 7.19.1 , ≤ 7.19.1 (semver)
    Affected: 7.19.0 , ≤ 7.19.0 (semver)
    Affected: 7.18.2 , ≤ 7.18.2 (semver)
    Affected: 7.18.1 , ≤ 7.18.1 (semver)
    Affected: 7.18.0 , ≤ 7.18.0 (semver)
    Affected: 7.17.1 , ≤ 7.17.1 (semver)
    Affected: 7.17.0 , ≤ 7.17.0 (semver)
    Affected: 7.16.4 , ≤ 7.16.4 (semver)
    Affected: 7.16.3 , ≤ 7.16.3 (semver)
    Affected: 7.16.2 , ≤ 7.16.2 (semver)
    Affected: 7.16.1 , ≤ 7.16.1 (semver)
    Affected: 7.16.0 , ≤ 7.16.0 (semver)
    Affected: 7.15.5 , ≤ 7.15.5 (semver)
    Affected: 7.15.4 , ≤ 7.15.4 (semver)
    Affected: 7.15.3 , ≤ 7.15.3 (semver)
    Affected: 7.15.2 , ≤ 7.15.2 (semver)
    Affected: 7.15.1 , ≤ 7.15.1 (semver)
    Affected: 7.15.0 , ≤ 7.15.0 (semver)
    Affected: 7.14.1 , ≤ 7.14.1 (semver)
    Affected: 7.14.0 , ≤ 7.14.0 (semver)
    Affected: 7.13.2 , ≤ 7.13.2 (semver)
    Affected: 7.13.1 , ≤ 7.13.1 (semver)
    Affected: 7.13.0 , ≤ 7.13.0 (semver)
    Affected: 7.12.3 , ≤ 7.12.3 (semver)
    Affected: 7.12.2 , ≤ 7.12.2 (semver)
    Affected: 7.12.1 , ≤ 7.12.1 (semver)
    Affected: 7.12.0 , ≤ 7.12.0 (semver)
    Create a notification for this product.
    Credits
    Ady Elouej Daniel Stenberg
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8927",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T17:00:13.489405Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T17:01:06.213Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3744543"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.29.0",
                  "status": "affected",
                  "version": "7.29.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.1",
                  "status": "affected",
                  "version": "7.28.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.28.0",
                  "status": "affected",
                  "version": "7.28.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.27.0",
                  "status": "affected",
                  "version": "7.27.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.26.0",
                  "status": "affected",
                  "version": "7.26.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.25.0",
                  "status": "affected",
                  "version": "7.25.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.24.0",
                  "status": "affected",
                  "version": "7.24.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.1",
                  "status": "affected",
                  "version": "7.23.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.23.0",
                  "status": "affected",
                  "version": "7.23.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.22.0",
                  "status": "affected",
                  "version": "7.22.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.7",
                  "status": "affected",
                  "version": "7.21.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.6",
                  "status": "affected",
                  "version": "7.21.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.5",
                  "status": "affected",
                  "version": "7.21.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.4",
                  "status": "affected",
                  "version": "7.21.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.3",
                  "status": "affected",
                  "version": "7.21.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.2",
                  "status": "affected",
                  "version": "7.21.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.1",
                  "status": "affected",
                  "version": "7.21.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.21.0",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.1",
                  "status": "affected",
                  "version": "7.20.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.20.0",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.7",
                  "status": "affected",
                  "version": "7.19.7",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.6",
                  "status": "affected",
                  "version": "7.19.6",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.5",
                  "status": "affected",
                  "version": "7.19.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.4",
                  "status": "affected",
                  "version": "7.19.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.3",
                  "status": "affected",
                  "version": "7.19.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.2",
                  "status": "affected",
                  "version": "7.19.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.1",
                  "status": "affected",
                  "version": "7.19.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.19.0",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.2",
                  "status": "affected",
                  "version": "7.18.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.1",
                  "status": "affected",
                  "version": "7.18.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.18.0",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.1",
                  "status": "affected",
                  "version": "7.17.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.17.0",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.4",
                  "status": "affected",
                  "version": "7.16.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.3",
                  "status": "affected",
                  "version": "7.16.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.2",
                  "status": "affected",
                  "version": "7.16.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.1",
                  "status": "affected",
                  "version": "7.16.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.16.0",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.5",
                  "status": "affected",
                  "version": "7.15.5",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.4",
                  "status": "affected",
                  "version": "7.15.4",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.3",
                  "status": "affected",
                  "version": "7.15.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.2",
                  "status": "affected",
                  "version": "7.15.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.1",
                  "status": "affected",
                  "version": "7.15.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.15.0",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.1",
                  "status": "affected",
                  "version": "7.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.14.0",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.2",
                  "status": "affected",
                  "version": "7.13.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.1",
                  "status": "affected",
                  "version": "7.13.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.13.0",
                  "status": "affected",
                  "version": "7.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.3",
                  "status": "affected",
                  "version": "7.12.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.2",
                  "status": "affected",
                  "version": "7.12.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.1",
                  "status": "affected",
                  "version": "7.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.12.0",
                  "status": "affected",
                  "version": "7.12.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ady Elouej"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When reusing a libcurl handle for sequential transfers driven by\nenvironment-variable proxy configuration, libcurl fails to clear the proxy\nauthentication state between requests. Specifically, if the initial transfer\nauthenticates against `proxyA` using Digest auth, a subsequent transfer routed\nthrough `proxyB` erroneously leaks the `Proxy-Authorization:` header intended\nsolely for `proxyA`."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-294 Authentication Bypass by Capture-replay",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:16:06.376Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-8927.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-8927.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3744543"
            }
          ],
          "title": "env-set cross-proxy Digest auth state leak"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-8927",
        "datePublished": "2026-07-03T06:16:06.376Z",
        "dateReserved": "2026-05-19T08:12:08.842Z",
        "dateUpdated": "2026-07-06T17:01:06.213Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8926 (GCVE-0-2026-8926)

    Vulnerability from cvelistv5 – Published: 2026-07-03 06:15 – Updated: 2026-07-06 17:02
    VLAI
    Title
    password leak with netrc and user in URL
    Summary
    When asking curl to use a `.netrc` file to find credentials and at the same time specifying a URL with a username(without a password), like `https://user@example.com/`, curl could wrongly get and use the password for *another* user set in the `.netrc` file for that host if such a one exists and there is no match for the specified user.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Create a notification for this product.
    Credits
    Joshua Rogers (Aisle Research) Stefan Eissing
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8926",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T17:01:57.524535Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T17:02:33.061Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3735184"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joshua Rogers (Aisle Research)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "When asking curl to use a `.netrc` file to find credentials and at the same\ntime specifying a URL with a username(without a password), like\n`https://user@example.com/`, curl could wrongly get and use the password for\n*another* user set in the `.netrc` file for that host if such a one exists and\nthere is no match for the specified user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:15:45.735Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-8926.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-8926.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3735184"
            }
          ],
          "title": "password leak with netrc and user in URL"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-8926",
        "datePublished": "2026-07-03T06:15:45.735Z",
        "dateReserved": "2026-05-19T08:11:58.393Z",
        "dateUpdated": "2026-07-06T17:02:33.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8925 (GCVE-0-2026-8925)

    Vulnerability from cvelistv5 – Published: 2026-07-03 06:15 – Updated: 2026-07-06 17:04
    VLAI
    Title
    SASL double-free
    Summary
    The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it `free()` the same pointer twice.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Create a notification for this product.
    Credits
    Joshua Rogers (Aisle Research) Viktor Szakats
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8925",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T17:03:39.068747Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T17:04:15.411Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3735193"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joshua Rogers (Aisle Research)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Viktor Szakats"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The curl logic that works with SASL authentication could end up cleaning up\nthe GSASL context *twice* without clearing the pointer in between, making it\n`free()` the same pointer twice."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-415 Double Free",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:15:25.448Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-8925.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-8925.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3735193"
            }
          ],
          "title": "SASL double-free"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-8925",
        "datePublished": "2026-07-03T06:15:25.448Z",
        "dateReserved": "2026-05-19T08:11:49.032Z",
        "dateUpdated": "2026-07-06T17:04:15.411Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8924 (GCVE-0-2026-8924)

    Vulnerability from cvelistv5 – Published: 2026-07-03 06:15 – Updated: 2026-07-06 16:57
    VLAI
    Title
    trailing dot domain super cookie
    Summary
    A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Create a notification for this product.
    Credits
    vegagent on hackerone Daniel Stenberg
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8924",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:56:31.860200Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:57:16.362Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3733905"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "vegagent on hackerone"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Daniel Stenberg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw in curl\u2019s cookie parsing logic allows a malicious HTTP server to set\n\u0027super cookies\u0027 that bypass the Public Suffix List check. This enables an\nattacker-controlled origin to inject cookies that curl subsequently scopes and\ntransmits to unrelated third-party domains."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-201 Information Exposure Through Sent Data",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:15:04.646Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-8924.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-8924.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3733905"
            }
          ],
          "title": "trailing dot domain super cookie"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-8924",
        "datePublished": "2026-07-03T06:15:04.646Z",
        "dateReserved": "2026-05-19T08:11:35.441Z",
        "dateUpdated": "2026-07-06T16:57:16.362Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8458 (GCVE-0-2026-8458)

    Vulnerability from cvelistv5 – Published: 2026-07-03 06:14 – Updated: 2026-07-06 17:32
    VLAI
    Title
    wrong reuse for different services
    Summary
    libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different services.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Create a notification for this product.
    Credits
    Muhamad Arga Reksapati Stefan Eissing
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8458",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T17:31:14.007899Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T17:32:06.018Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3721183"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Muhamad Arga Reksapati"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "libcurl might in some circumstances reuse the wrong connection when asked to\ndo Negotiate-authenticated ones, even when they are set to use different\n\u0027services\u0027.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criteria must be met. Due to a logical\nerror in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different services."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-488 Exposure of Data Element to Wrong Session",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:14:42.258Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-8458.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-8458.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3721183"
            }
          ],
          "title": "wrong reuse for different services"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-8458",
        "datePublished": "2026-07-03T06:14:42.258Z",
        "dateReserved": "2026-05-13T08:33:36.632Z",
        "dateUpdated": "2026-07-06T17:32:06.018Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8286 (GCVE-0-2026-8286)

    Vulnerability from cvelistv5 – Published: 2026-07-03 06:14 – Updated: 2026-07-06 17:33
    VLAI
    Title
    wrong STARTTLS connection reuse
    Summary
    A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    curl curl Affected: 8.20.0 , ≤ 8.20.0 (semver)
    Affected: 8.19.0 , ≤ 8.19.0 (semver)
    Affected: 8.18.0 , ≤ 8.18.0 (semver)
    Affected: 8.17.0 , ≤ 8.17.0 (semver)
    Affected: 8.16.0 , ≤ 8.16.0 (semver)
    Affected: 8.15.0 , ≤ 8.15.0 (semver)
    Affected: 8.14.1 , ≤ 8.14.1 (semver)
    Affected: 8.14.0 , ≤ 8.14.0 (semver)
    Affected: 8.13.0 , ≤ 8.13.0 (semver)
    Affected: 8.12.1 , ≤ 8.12.1 (semver)
    Affected: 8.12.0 , ≤ 8.12.0 (semver)
    Affected: 8.11.1 , ≤ 8.11.1 (semver)
    Affected: 8.11.0 , ≤ 8.11.0 (semver)
    Affected: 8.10.1 , ≤ 8.10.1 (semver)
    Affected: 8.10.0 , ≤ 8.10.0 (semver)
    Affected: 8.9.1 , ≤ 8.9.1 (semver)
    Affected: 8.9.0 , ≤ 8.9.0 (semver)
    Affected: 8.8.0 , ≤ 8.8.0 (semver)
    Affected: 8.7.1 , ≤ 8.7.1 (semver)
    Affected: 8.7.0 , ≤ 8.7.0 (semver)
    Affected: 8.6.0 , ≤ 8.6.0 (semver)
    Affected: 8.5.0 , ≤ 8.5.0 (semver)
    Affected: 8.4.0 , ≤ 8.4.0 (semver)
    Affected: 8.3.0 , ≤ 8.3.0 (semver)
    Affected: 8.2.1 , ≤ 8.2.1 (semver)
    Affected: 8.2.0 , ≤ 8.2.0 (semver)
    Affected: 8.1.2 , ≤ 8.1.2 (semver)
    Affected: 8.1.1 , ≤ 8.1.1 (semver)
    Affected: 8.1.0 , ≤ 8.1.0 (semver)
    Affected: 8.0.1 , ≤ 8.0.1 (semver)
    Affected: 8.0.0 , ≤ 8.0.0 (semver)
    Affected: 7.88.1 , ≤ 7.88.1 (semver)
    Affected: 7.88.0 , ≤ 7.88.0 (semver)
    Affected: 7.87.0 , ≤ 7.87.0 (semver)
    Affected: 7.86.0 , ≤ 7.86.0 (semver)
    Affected: 7.85.0 , ≤ 7.85.0 (semver)
    Affected: 7.84.0 , ≤ 7.84.0 (semver)
    Affected: 7.83.1 , ≤ 7.83.1 (semver)
    Affected: 7.83.0 , ≤ 7.83.0 (semver)
    Affected: 7.82.0 , ≤ 7.82.0 (semver)
    Affected: 7.81.0 , ≤ 7.81.0 (semver)
    Affected: 7.80.0 , ≤ 7.80.0 (semver)
    Affected: 7.79.1 , ≤ 7.79.1 (semver)
    Affected: 7.79.0 , ≤ 7.79.0 (semver)
    Affected: 7.78.0 , ≤ 7.78.0 (semver)
    Affected: 7.77.0 , ≤ 7.77.0 (semver)
    Affected: 7.76.1 , ≤ 7.76.1 (semver)
    Affected: 7.76.0 , ≤ 7.76.0 (semver)
    Affected: 7.75.0 , ≤ 7.75.0 (semver)
    Affected: 7.74.0 , ≤ 7.74.0 (semver)
    Affected: 7.73.0 , ≤ 7.73.0 (semver)
    Affected: 7.72.0 , ≤ 7.72.0 (semver)
    Affected: 7.71.1 , ≤ 7.71.1 (semver)
    Affected: 7.71.0 , ≤ 7.71.0 (semver)
    Affected: 7.70.0 , ≤ 7.70.0 (semver)
    Affected: 7.69.1 , ≤ 7.69.1 (semver)
    Affected: 7.69.0 , ≤ 7.69.0 (semver)
    Affected: 7.68.0 , ≤ 7.68.0 (semver)
    Affected: 7.67.0 , ≤ 7.67.0 (semver)
    Affected: 7.66.0 , ≤ 7.66.0 (semver)
    Affected: 7.65.3 , ≤ 7.65.3 (semver)
    Affected: 7.65.2 , ≤ 7.65.2 (semver)
    Affected: 7.65.1 , ≤ 7.65.1 (semver)
    Affected: 7.65.0 , ≤ 7.65.0 (semver)
    Affected: 7.64.1 , ≤ 7.64.1 (semver)
    Affected: 7.64.0 , ≤ 7.64.0 (semver)
    Affected: 7.63.0 , ≤ 7.63.0 (semver)
    Affected: 7.62.0 , ≤ 7.62.0 (semver)
    Affected: 7.61.1 , ≤ 7.61.1 (semver)
    Affected: 7.61.0 , ≤ 7.61.0 (semver)
    Affected: 7.60.0 , ≤ 7.60.0 (semver)
    Affected: 7.59.0 , ≤ 7.59.0 (semver)
    Affected: 7.58.0 , ≤ 7.58.0 (semver)
    Affected: 7.57.0 , ≤ 7.57.0 (semver)
    Affected: 7.56.1 , ≤ 7.56.1 (semver)
    Affected: 7.56.0 , ≤ 7.56.0 (semver)
    Affected: 7.55.1 , ≤ 7.55.1 (semver)
    Affected: 7.55.0 , ≤ 7.55.0 (semver)
    Affected: 7.54.1 , ≤ 7.54.1 (semver)
    Affected: 7.54.0 , ≤ 7.54.0 (semver)
    Affected: 7.53.1 , ≤ 7.53.1 (semver)
    Affected: 7.53.0 , ≤ 7.53.0 (semver)
    Affected: 7.52.1 , ≤ 7.52.1 (semver)
    Affected: 7.52.0 , ≤ 7.52.0 (semver)
    Affected: 7.51.0 , ≤ 7.51.0 (semver)
    Affected: 7.50.3 , ≤ 7.50.3 (semver)
    Affected: 7.50.2 , ≤ 7.50.2 (semver)
    Affected: 7.50.1 , ≤ 7.50.1 (semver)
    Affected: 7.50.0 , ≤ 7.50.0 (semver)
    Affected: 7.49.1 , ≤ 7.49.1 (semver)
    Affected: 7.49.0 , ≤ 7.49.0 (semver)
    Affected: 7.48.0 , ≤ 7.48.0 (semver)
    Affected: 7.47.1 , ≤ 7.47.1 (semver)
    Affected: 7.47.0 , ≤ 7.47.0 (semver)
    Affected: 7.46.0 , ≤ 7.46.0 (semver)
    Affected: 7.45.0 , ≤ 7.45.0 (semver)
    Affected: 7.44.0 , ≤ 7.44.0 (semver)
    Affected: 7.43.0 , ≤ 7.43.0 (semver)
    Affected: 7.42.1 , ≤ 7.42.1 (semver)
    Affected: 7.42.0 , ≤ 7.42.0 (semver)
    Affected: 7.41.0 , ≤ 7.41.0 (semver)
    Affected: 7.40.0 , ≤ 7.40.0 (semver)
    Affected: 7.39.0 , ≤ 7.39.0 (semver)
    Affected: 7.38.0 , ≤ 7.38.0 (semver)
    Affected: 7.37.1 , ≤ 7.37.1 (semver)
    Affected: 7.37.0 , ≤ 7.37.0 (semver)
    Affected: 7.36.0 , ≤ 7.36.0 (semver)
    Affected: 7.35.0 , ≤ 7.35.0 (semver)
    Affected: 7.34.0 , ≤ 7.34.0 (semver)
    Affected: 7.33.0 , ≤ 7.33.0 (semver)
    Affected: 7.32.0 , ≤ 7.32.0 (semver)
    Affected: 7.31.0 , ≤ 7.31.0 (semver)
    Affected: 7.30.0 , ≤ 7.30.0 (semver)
    Create a notification for this product.
    Credits
    Andrew Nesbitt (powered by Mythos) Stefan Eissing
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8286",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T17:33:16.174641Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T17:33:50.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://hackerone.com/reports/3718195"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "curl",
              "vendor": "curl",
              "versions": [
                {
                  "lessThanOrEqual": "8.20.0",
                  "status": "affected",
                  "version": "8.20.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.19.0",
                  "status": "affected",
                  "version": "8.19.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.18.0",
                  "status": "affected",
                  "version": "8.18.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.17.0",
                  "status": "affected",
                  "version": "8.17.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.16.0",
                  "status": "affected",
                  "version": "8.16.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.15.0",
                  "status": "affected",
                  "version": "8.15.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.1",
                  "status": "affected",
                  "version": "8.14.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.14.0",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.13.0",
                  "status": "affected",
                  "version": "8.13.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.1",
                  "status": "affected",
                  "version": "8.12.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.12.0",
                  "status": "affected",
                  "version": "8.12.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.1",
                  "status": "affected",
                  "version": "8.11.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.11.0",
                  "status": "affected",
                  "version": "8.11.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.1",
                  "status": "affected",
                  "version": "8.10.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.10.0",
                  "status": "affected",
                  "version": "8.10.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.1",
                  "status": "affected",
                  "version": "8.9.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.9.0",
                  "status": "affected",
                  "version": "8.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.8.0",
                  "status": "affected",
                  "version": "8.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.1",
                  "status": "affected",
                  "version": "8.7.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.7.0",
                  "status": "affected",
                  "version": "8.7.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.6.0",
                  "status": "affected",
                  "version": "8.6.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.5.0",
                  "status": "affected",
                  "version": "8.5.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.4.0",
                  "status": "affected",
                  "version": "8.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.3.0",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.1",
                  "status": "affected",
                  "version": "8.2.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.2",
                  "status": "affected",
                  "version": "8.1.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.1",
                  "status": "affected",
                  "version": "8.1.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.1.0",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.1",
                  "status": "affected",
                  "version": "8.0.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "8.0.0",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.1",
                  "status": "affected",
                  "version": "7.88.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.88.0",
                  "status": "affected",
                  "version": "7.88.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.87.0",
                  "status": "affected",
                  "version": "7.87.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.86.0",
                  "status": "affected",
                  "version": "7.86.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.85.0",
                  "status": "affected",
                  "version": "7.85.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.84.0",
                  "status": "affected",
                  "version": "7.84.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.1",
                  "status": "affected",
                  "version": "7.83.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.83.0",
                  "status": "affected",
                  "version": "7.83.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.82.0",
                  "status": "affected",
                  "version": "7.82.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.81.0",
                  "status": "affected",
                  "version": "7.81.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.80.0",
                  "status": "affected",
                  "version": "7.80.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.1",
                  "status": "affected",
                  "version": "7.79.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.79.0",
                  "status": "affected",
                  "version": "7.79.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.78.0",
                  "status": "affected",
                  "version": "7.78.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.77.0",
                  "status": "affected",
                  "version": "7.77.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.1",
                  "status": "affected",
                  "version": "7.76.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.76.0",
                  "status": "affected",
                  "version": "7.76.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.75.0",
                  "status": "affected",
                  "version": "7.75.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.74.0",
                  "status": "affected",
                  "version": "7.74.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.73.0",
                  "status": "affected",
                  "version": "7.73.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.72.0",
                  "status": "affected",
                  "version": "7.72.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.1",
                  "status": "affected",
                  "version": "7.71.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.71.0",
                  "status": "affected",
                  "version": "7.71.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.70.0",
                  "status": "affected",
                  "version": "7.70.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.1",
                  "status": "affected",
                  "version": "7.69.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.69.0",
                  "status": "affected",
                  "version": "7.69.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.68.0",
                  "status": "affected",
                  "version": "7.68.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.67.0",
                  "status": "affected",
                  "version": "7.67.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.66.0",
                  "status": "affected",
                  "version": "7.66.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.3",
                  "status": "affected",
                  "version": "7.65.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.2",
                  "status": "affected",
                  "version": "7.65.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.1",
                  "status": "affected",
                  "version": "7.65.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.65.0",
                  "status": "affected",
                  "version": "7.65.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.1",
                  "status": "affected",
                  "version": "7.64.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.64.0",
                  "status": "affected",
                  "version": "7.64.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.63.0",
                  "status": "affected",
                  "version": "7.63.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.62.0",
                  "status": "affected",
                  "version": "7.62.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.1",
                  "status": "affected",
                  "version": "7.61.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.61.0",
                  "status": "affected",
                  "version": "7.61.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.60.0",
                  "status": "affected",
                  "version": "7.60.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.59.0",
                  "status": "affected",
                  "version": "7.59.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.58.0",
                  "status": "affected",
                  "version": "7.58.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.57.0",
                  "status": "affected",
                  "version": "7.57.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.1",
                  "status": "affected",
                  "version": "7.56.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.56.0",
                  "status": "affected",
                  "version": "7.56.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.1",
                  "status": "affected",
                  "version": "7.55.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.55.0",
                  "status": "affected",
                  "version": "7.55.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.1",
                  "status": "affected",
                  "version": "7.54.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.54.0",
                  "status": "affected",
                  "version": "7.54.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.1",
                  "status": "affected",
                  "version": "7.53.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.53.0",
                  "status": "affected",
                  "version": "7.53.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.1",
                  "status": "affected",
                  "version": "7.52.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.52.0",
                  "status": "affected",
                  "version": "7.52.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.51.0",
                  "status": "affected",
                  "version": "7.51.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.3",
                  "status": "affected",
                  "version": "7.50.3",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.2",
                  "status": "affected",
                  "version": "7.50.2",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.1",
                  "status": "affected",
                  "version": "7.50.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.50.0",
                  "status": "affected",
                  "version": "7.50.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.1",
                  "status": "affected",
                  "version": "7.49.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.49.0",
                  "status": "affected",
                  "version": "7.49.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.48.0",
                  "status": "affected",
                  "version": "7.48.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.1",
                  "status": "affected",
                  "version": "7.47.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.47.0",
                  "status": "affected",
                  "version": "7.47.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.46.0",
                  "status": "affected",
                  "version": "7.46.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.45.0",
                  "status": "affected",
                  "version": "7.45.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.44.0",
                  "status": "affected",
                  "version": "7.44.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.43.0",
                  "status": "affected",
                  "version": "7.43.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.1",
                  "status": "affected",
                  "version": "7.42.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.42.0",
                  "status": "affected",
                  "version": "7.42.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.41.0",
                  "status": "affected",
                  "version": "7.41.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.40.0",
                  "status": "affected",
                  "version": "7.40.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.39.0",
                  "status": "affected",
                  "version": "7.39.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.38.0",
                  "status": "affected",
                  "version": "7.38.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.1",
                  "status": "affected",
                  "version": "7.37.1",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.37.0",
                  "status": "affected",
                  "version": "7.37.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.36.0",
                  "status": "affected",
                  "version": "7.36.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.35.0",
                  "status": "affected",
                  "version": "7.35.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.34.0",
                  "status": "affected",
                  "version": "7.34.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.33.0",
                  "status": "affected",
                  "version": "7.33.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.32.0",
                  "status": "affected",
                  "version": "7.32.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.31.0",
                  "status": "affected",
                  "version": "7.31.0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "7.30.0",
                  "status": "affected",
                  "version": "7.30.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Andrew Nesbitt (powered by Mythos)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Stefan Eissing"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability exists where a new transfer that uses STARTTLS to upgrade the\nconnection might reuse an existing live connection even though the TLS\nconfiguration mismatches so it should not."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-295 Improper Certificate Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-03T06:14:17.541Z",
            "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
            "shortName": "curl"
          },
          "references": [
            {
              "name": "json",
              "url": "https://curl.se/docs/CVE-2026-8286.json"
            },
            {
              "name": "www",
              "url": "https://curl.se/docs/CVE-2026-8286.html"
            },
            {
              "name": "issue",
              "url": "https://hackerone.com/reports/3718195"
            }
          ],
          "title": "wrong STARTTLS connection reuse"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "assignerShortName": "curl",
        "cveId": "CVE-2026-8286",
        "datePublished": "2026-07-03T06:14:17.541Z",
        "dateReserved": "2026-05-11T07:06:37.906Z",
        "dateUpdated": "2026-07-06T17:33:50.416Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }