logo

Curl Fixes a 25-Year-Old Bug in Its Largest CVE Release Yet

ID: a494e0a5-47e9-59b1-a5d2-0e704dc65f28

STIX ID: report--a494e0a5-47e9-59b1-a5d2-0e704dc65f28

Feed Name: Security Affairs

Threat Score
65/100

Date Published: 2026-06-25

Date Updated: 2026-06-26

Author: Pierluigi Paganini

...
...

Curl maintainers released a single update addressing 18 vulnerabilities across libcurl and curl — including memory-safety issues (double free, use-after-free), improper host validation, and a 25-year-old mTLS connection-reuse authentication bypass (CVE-2026-8932). The report emphasizes AISLE’s role in discovering multiple CVEs, notes the large potential attack surface due to curl’s wide deployment, and states there are no confirmed real-world exploits so far.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.