haxx
199 tracked vulnerabilities.
CVE-2026-9547
HIGH
curl SCP/SFTP - SSH Host Key Validation Bypass
Jul 03, 2026
CVSS 7.4
EPSS 0.01
CVE-2026-9546
HIGH
curl - Sending Old Referer
Jul 03, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-9545
HIGH
curl - Exposing HTTP/3 Early Data
Jul 03, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-9080
HIGH
curl - UAF After Pause in Socket Callback
Jul 03, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-9079
CRITICAL
curl - Stale Proxy Password Leak
Jul 03, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-8932
HIGH
curl - Incomplete mTLS Config Matching in Conn Reuse
Jul 03, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-8927
CRITICAL
curl - Env-Set Cross-Proxy Digest Auth State Leak
Jul 03, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-8926
CRITICAL
curl - Password Leak with Netrc and User in URL
Jul 03, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-8925
CRITICAL
curl - SASL Double-Free
Jul 03, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-8924
CRITICAL
curl - Trailing Dot Domain Super Cookie
Jul 03, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-8458
MEDIUM
curl - Wrong Reuse for Different Services
Jul 03, 2026
CVSS 6.5
EPSS 0.01
CVE-2026-8286
HIGH
curl - Wrong STARTTLS Connection Reuse
Jul 03, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-12064
HIGH
curl - Proto-Default Skips SSH Verification
Jul 03, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-11856
CRITICAL
curl - Cross-Origin Digest Auth State Leak
Jul 03, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-11586
HIGH
curl - WS Auto-PONG Memory Exhaustion
Jul 03, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-11564
CRITICAL
curl - Native CA Trust Persist
Jul 03, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-11352
HIGH
curl - QUIC Zero-Length UDP Datagrams Busy-Loop
Jul 03, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-10536
CRITICAL
curl - HTTP/2 Stream-Dependency Tree UAF
Jul 03, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-7168
MEDIUM
curl - Authentication Bypass via Proxy-Authorization Header Reuse
May 13, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-7009
MEDIUM
curl 8.17.0-8.20.0 - Improper Certificate Validation via OCSP Stapling
May 13, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-6429
MEDIUM
curl - Password Leak via .netrc File During HTTP Redirect
May 13, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-6276
HIGH
curl 8.7.0-8.19.0 - Sensitive Cookie Leak via Stale Host Header
May 13, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-6253
MEDIUM
curl - Credential Leakage via Proxy Redirect Handling
May 13, 2026
CVSS 5.9
EPSS 0.01
CVE-2026-5773
HIGH
curl 8.7.0-8.19.0 - Server-Side Request Forgery via SMB Connection Reuse
May 13, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-5545
MEDIUM
curl 8.7.0-8.19.0 - Insufficient Session Expiration via Connection Reuse
May 13, 2026
CVSS 6.5
EPSS 0.00
Products
Quick Filters