curl vulnerabilities
Published: Mon, 04 May 2026 11:40
Summary
curl could be made to expose sensitive information over the network.
Details
It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-4873) It was discovered that curl incorrectly reused certain HTTP Negotiate connections. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5545) It was discovered that curl incorrectly reused certain SMB connections. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5773) It was discovered that curl could leak proxy credentials when handling redirects in some configurations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6253) It was discovered that curl could leak cookies because of stale custom cookie host handling in some requests. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6276) It was discovered that curl could leak .netrc credentials when reusing proxy connections in some situations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6429) It was discovered that curl could leak Digest authentication state when switching proxies in some situations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-7168)
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu jammy
curl→7.81.0-1ubuntu1.24apt_upgradeStandard apt upgrade. Install 7.81.0-1ubuntu1.24 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y curl
Most apt upgrades restart their service automatically. needrestart lists anything else.
curl→7.81.0-1ubuntu1.24apt_upgradeStandard apt upgrade. Install 7.81.0-1ubuntu1.24 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y curl
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl3-gnutls→7.81.0-1ubuntu1.24apt_upgradeStandard apt upgrade. Install 7.81.0-1ubuntu1.24 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl3-gnutls
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl3-nss→7.81.0-1ubuntu1.24apt_upgradeStandard apt upgrade. Install 7.81.0-1ubuntu1.24 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl3-nss
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl4→7.81.0-1ubuntu1.24apt_upgradeStandard apt upgrade. Install 7.81.0-1ubuntu1.24 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl4
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl4-doc→7.81.0-1ubuntu1.24apt_upgradeStandard apt upgrade. Install 7.81.0-1ubuntu1.24 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl4-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl4-gnutls-dev→7.81.0-1ubuntu1.24apt_upgradeStandard apt upgrade. Install 7.81.0-1ubuntu1.24 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl4-gnutls-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl4-nss-dev→7.81.0-1ubuntu1.24apt_upgradeStandard apt upgrade. Install 7.81.0-1ubuntu1.24 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl4-nss-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl4-openssl-dev→7.81.0-1ubuntu1.24apt_upgradeStandard apt upgrade. Install 7.81.0-1ubuntu1.24 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl4-openssl-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu noble
curl→8.5.0-2ubuntu10.9apt_upgradeStandard apt upgrade. Install 8.5.0-2ubuntu10.9 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y curl
Most apt upgrades restart their service automatically. needrestart lists anything else.
curl→8.5.0-2ubuntu10.9apt_upgradeStandard apt upgrade. Install 8.5.0-2ubuntu10.9 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y curl
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl3t64-gnutls→8.5.0-2ubuntu10.9apt_upgradeStandard apt upgrade. Install 8.5.0-2ubuntu10.9 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl3t64-gnutls
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl4-doc→8.5.0-2ubuntu10.9apt_upgradeStandard apt upgrade. Install 8.5.0-2ubuntu10.9 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl4-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl4-gnutls-dev→8.5.0-2ubuntu10.9apt_upgradeStandard apt upgrade. Install 8.5.0-2ubuntu10.9 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl4-gnutls-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl4-openssl-dev→8.5.0-2ubuntu10.9apt_upgradeStandard apt upgrade. Install 8.5.0-2ubuntu10.9 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl4-openssl-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl4t64→8.5.0-2ubuntu10.9apt_upgradeStandard apt upgrade. Install 8.5.0-2ubuntu10.9 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl4t64
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu questing
curl→8.14.1-2ubuntu1.3apt_upgradeStandard apt upgrade. Install 8.14.1-2ubuntu1.3 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y curl
Most apt upgrades restart their service automatically. needrestart lists anything else.
curl→8.14.1-2ubuntu1.3apt_upgradeStandard apt upgrade. Install 8.14.1-2ubuntu1.3 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y curl
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl3t64-gnutls→8.14.1-2ubuntu1.3apt_upgradeStandard apt upgrade. Install 8.14.1-2ubuntu1.3 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl3t64-gnutls
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl4-doc→8.14.1-2ubuntu1.3apt_upgradeStandard apt upgrade. Install 8.14.1-2ubuntu1.3 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl4-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl4-gnutls-dev→8.14.1-2ubuntu1.3apt_upgradeStandard apt upgrade. Install 8.14.1-2ubuntu1.3 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl4-gnutls-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl4-openssl-dev→8.14.1-2ubuntu1.3apt_upgradeStandard apt upgrade. Install 8.14.1-2ubuntu1.3 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl4-openssl-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl4t64→8.14.1-2ubuntu1.3apt_upgradeStandard apt upgrade. Install 8.14.1-2ubuntu1.3 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl4t64
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu resolute
curl→8.18.0-1ubuntu2.1apt_upgradeStandard apt upgrade. Install 8.18.0-1ubuntu2.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y curl
Most apt upgrades restart their service automatically. needrestart lists anything else.
curl→8.18.0-1ubuntu2.1apt_upgradeStandard apt upgrade. Install 8.18.0-1ubuntu2.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y curl
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl3t64-gnutls→8.18.0-1ubuntu2.1apt_upgradeStandard apt upgrade. Install 8.18.0-1ubuntu2.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl3t64-gnutls
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl4-doc→8.18.0-1ubuntu2.1apt_upgradeStandard apt upgrade. Install 8.18.0-1ubuntu2.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl4-doc
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl4-gnutls-dev→8.18.0-1ubuntu2.1apt_upgradeStandard apt upgrade. Install 8.18.0-1ubuntu2.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl4-gnutls-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl4-openssl-dev→8.18.0-1ubuntu2.1apt_upgradeStandard apt upgrade. Install 8.18.0-1ubuntu2.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl4-openssl-dev
Most apt upgrades restart their service automatically. needrestart lists anything else.
libcurl4t64→8.18.0-1ubuntu2.1apt_upgradeStandard apt upgrade. Install 8.18.0-1ubuntu2.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y libcurl4t64
Most apt upgrades restart their service automatically. needrestart lists anything else.
Are YOU affected by USN-8227-1?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8227-1 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.