Latest release, curl/libcurl 8.20.0 Fixes Security Vulnerabilities

Post by NetGuru »

The latest release, curl/libcurl 8.20.0, fixes several security vulnerabilities disclosed on April 29, 2026. Versions up to and including 8.19.0 were affected.

Important: Not every vulnerability affects every system directly. The risk is higher if applications use libcurl with features such as proxy authentication, redirects, SMB, cookies, .netrc, Digest authentication, or HTTP Negotiate/Kerberos.

Examples of fixed CVEs:

CVE-2026-5545 – incorrect reuse of HTTP Negotiate connections
CVE-2026-5773 – incorrect reuse of SMB connections
CVE-2026-6253 – proxy credentials may leak during redirects
CVE-2026-6429 – .netrc credentials may leak over proxy connections
CVE-2026-7168 – Digest authentication state may leak between proxies

The curl project recommends upgrading to curl/libcurl 8.20.0 or applying your distribution’s security patches.

On Debian/Ubuntu, you can check and update with:

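# Show the installed curl and libcurl versions
curl --version
# Refresh the package index first so the upgradable list is current
sudo apt update
apt list --upgradable | grep curl
# Install the pending updates
sudo apt upgrade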
In…
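
An added example, not part of NetGuru's post or the curl project's tooling: a POSIX shell triage of `curl --version` output that compares the libcurl version with 8.20.0 and reports whether SMB and SPNEGO (HTTP Negotiate), two of the features tied to the CVEs listed above, are compiled in. The sample output, the function names and the status labels are constructed for illustration; a distribution package below 8.20.0 may carry backported fixes, so `below-fixed` means "check the distribution's advisory", not "vulnerable".

```shell
#!/bin/sh
# Fixed release named in the post; upstream versions up to 8.19.0 are affected.
FIXED="8.20.0"

# Constructed sample of `curl --version` output (not captured from a real host).
SAMPLE='curl 8.19.0 (x86_64-pc-linux-gnu) libcurl/8.19.0 OpenSSL/3.0.13 zlib/1.3
Protocols: dict file ftp ftps http https imap smb smbs
Features: alt-svc AsynchDNS GSS-API HSTS HTTPS-proxy IPv6 Kerberos SPNEGO SSL'

# Print the libcurl version found on the first line of `curl --version` text.
libcurl_version() {
    printf '%s\n' "$1" | sed -n '1s|.*libcurl/\([0-9][0-9.]*\).*|\1|p'
}

# Return 0 when dotted version $1 is lower than $2 (numeric, field by field).
version_lt() {
    va="$1."; vb="$2."
    while [ -n "$va" ] || [ -n "$vb" ]; do
        fa=${va%%.*}; fb=${vb%%.*}
        va=${va#*.}; vb=${vb#*.}
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 1
    done
    return 1
}

# Summarise one host: version status plus the compiled-in features that the
# post ties to specific CVEs (SMB connection reuse, HTTP Negotiate reuse).
triage() {
    ver=$(libcurl_version "$1")
    if [ -z "$ver" ]; then echo "status=unparsed"; return 0; fi
    if version_lt "$ver" "$FIXED"; then status=below-fixed; else status=at-or-above-fixed; fi
    smb=no; nego=no
    printf '%s\n' "$1" | grep -Eq '^Protocols:.* smbs?( |$)' && smb=yes
    printf '%s\n' "$1" | grep -Eq '^Features:.* SPNEGO( |$)' && nego=yes
    echo "libcurl=$ver status=$status smb=$smb negotiate=$nego"
}

# On a real host, pass live output instead: triage "$(curl --version)"
triage "$SAMPLE"
```

Cookies, .netrc, Digest and proxy authentication do not appear in the `Features:` line, so whether an application uses them has to be checked in its own configuration.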