curl Patches 18 Vulnerabilities Including Password Leak and WebSocket Memory Bugs
ID: f567031c-e7fe-5ce8-af65-23d04ed1a116
STIX ID: report--f567031c-e7fe-5ce8-af65-23d04ed1a116
Feed Name: Cyber Press
curl 8.21.0 (released 24 June 2026) fixes 18 security vulnerabilities — a single-release record for the project — bringing the total publicly disclosed curl vulnerabilities to 206. The patched flaws include credential leakage, memory corruption (including use-after-free), WebSocket and HTTP/2 issues, SSH host verification bypasses, QUIC and HTTP/3-related problems, and several denial-of-service risks; four were rated Medium and the remainder Low. Given curl/libcurl's wide use, the report urges organizations to prioritize upgrading to 8.21.0 to mitigate credential exposure and memory-corruption risks.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
