Known Vulnerabilities for Libcurl by Curl
Listed below are 4 of the newest known vulnerabilities associated with "Libcurl" by "Curl".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-55568 json | Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS ... | Not Provided | 2026-06-23 | 2026-06-23 |
| CVE-2026-53951 json | Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the `trust` setting's pref... | Not Provided | 2026-07-08 | 2026-07-09 |
| CVE-2026-49129 json | Music Player Daemon (MPD) before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin wher... | Not Provided | 2026-05-28 | 2026-05-28 |
| CVE-2026-12064 json | When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between th... | Not Provided | 2026-07-03 | 2026-07-06 |
| CVE-2026-11856 json | Successfully using libcurl to do a transfer to a specific HTTP origin (`hostA`) with **Digest** authentication and then chang... | Not Provided | 2026-07-03 | 2026-07-06 |
| CVE-2026-11564 json | libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the s... | Not Provided | 2026-07-03 | 2026-07-06 |
| CVE-2026-11352 json | An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against... | Not Provided | 2026-07-03 | 2026-07-06 |
| CVE-2026-10536 json | A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT... | Not Provided | 2026-07-03 | 2026-07-06 |
| CVE-2026-9547 json | When a libcurl-based application performs transfers via `SCP://` or `SFTP://` and utilizes the `CURLOPT_SSH_KEYFUNCTION` call... | Not Provided | 2026-07-03 | 2026-07-06 |
| CVE-2026-9546 json | A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation... | Not Provided | 2026-07-03 | 2026-07-06 |