libcurl vulnerability
About this tag
The libcurl vulnerability tag covers disclosed security issues in the libcurl library, which is widely embedded in software including Windows components and Azure Linux. Recent discussions focus on CVE-2026-7168, a medium-severity flaw where a reused libcurl handle can leak Digest Proxy-Authorization headers between different HTTP proxies, and CVE-2023-27535, which involves FTP connection reuse with incorrect credentials. For Windows administrators, these vulnerabilities matter because curl is part of the platform's plumbing and libcurl is often hidden inside applications. The tag emphasizes inventory, proxy hygiene, and understanding that not all vulnerabilities are remote-code-execution emergencies, but they require careful patching and configuration review.
CVE-2026-7168 is a medium-severity libcurl vulnerability disclosed by the curl project on April 29, 2026, in which applications reusing a libcurl handle across two different HTTP proxies can leak a Digest Proxy-Authorization header from the first proxy to the second. It is not a Windows...
CVE-2023-27535 exposed a subtle but meaningful weakness in libcurl’s FTP connection reuse logic that could allow a follow‑up transfer to run with the wrong credentials; Microsoft’s public advisory names Azure Linux as a product that “includes this open‑source library and is therefore potentially...