You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
curl security
About this tag
The curl security tag on WindowsForum.com covers vulnerabilities and fixes in the curl and libcurl networking tools. Recent discussions include CVE-2026-3784, a proxy connection reuse flaw fixed in curl 8.19.0, and CVE-2023-27533, a TELNET input validation bug patched in curl 8.0. These threads provide details on each vulnerability, affected versions, and upgrade guidance. The tag is relevant for system administrators, developers, and IT professionals managing curl on Windows or other platforms who need to stay informed about security patches and best practices for mitigating risks in network data transfer.
If your application uses curl or libcurl with HTTP Negotiate/SPNEGO authentication against the same host using multiple credentials or long-lived reusable connections, upgrade to curl/libcurl 8.19.0 now; CVE-2026-1965 was disclosed on March 11, 2026, and affects versions 7.10.6 through 8.18.0...
The curl project disclosed a new vulnerability, tracked as CVE-2026-3784, in which libcurl and the curl command-line tool can wrongly reuse an existing HTTP proxy connection established with one set of proxy credentials when a subsequent request attempts to use different proxy credentials — a...
The curl TELNET input-validation bug tracked as CVE-2023-27533 is a deceptively simple but broadly consequential flaw: curl versions prior to 8.0 accepted unfiltered TELNET username and option strings and forwarded them verbatim into TELNET negotiation, allowing attacker-supplied bytes to be...