curl security

The curl project disclosed a new vulnerability, tracked as CVE-2026-3784, in which libcurl and the curl command-line tool can wrongly reuse an existing HTTP proxy connection established with one set of proxy credentials when a subsequent request attempts to use different proxy credentials — a...

The curl TELNET input-validation bug tracked as CVE-2023-27533 is a deceptively simple but broadly consequential flaw: curl versions prior to 8.0 accepted unfiltered TELNET username and option strings and forwarded them verbatim into TELNET negotiation, allowing attacker-supplied bytes to be...