Libcurl
The latest Libcurl coverage — news, analysis, and updates from the WindowsNews.AI desk.
CVE-2026-3784: Critical curl Proxy Authentication Flaw Fixed in Version 8.19.0
The curl project has disclosed a critical vulnerability that exposes users to authentication bypass attacks when using HTTP proxies. Tracked as CVE-2026-3784, this flaw affects both libcurl and the...
libcurl 8.19.0 patches CVE-2026-1965 connection reuse flaw exposing user authentication
A critical security vulnerability in libcurl's Negotiate authentication mechanism has been patched in version 8.19.0, addressing a logic flaw that could expose authenticated sessions to...
CVE-2026-3783: Critical cURL Bearer Token Leak Vulnerability Fixed in Version 8.19.0
A critical security vulnerability in cURL and libcurl allows OAuth2 bearer tokens to leak across HTTP(S) redirects when credentials are sourced from .netrc files. Tracked as CVE-2026-3783, this flaw...
CVE-2023-27537: Patch Your Windows Apps to Stop This libcurl Double-Free Bug
A race condition in libcurl, the omnipresent network library, can crash Windows applications that share HSTS data between threads, and the fix requires more than just waiting for Windows Update —...
CVE-2023-27536: libcurl GSSAPI Delegation Flaw - Security Analysis & Windows Impact
A subtle but significant security vulnerability in libcurl, tracked as CVE-2023-27536, has exposed a critical connection-reuse flaw that could allow attackers to bypass authentication mechanisms in...
CVE-2023-27538: Azure Linux Libcurl Vulnerability Explained
The discovery of CVE-2023-27538 in early 2023 sent ripples through the Azure Linux community, revealing a critical vulnerability in the libcurl library that affected Microsoft's cloud-optimized Linux...
CVE-2024-6874: The macidn Bug in libcurl & Microsoft's Azure Linux Attestation
A critical vulnerability in the ubiquitous libcurl library, tracked as CVE-2024-6874, has thrust Microsoft's Azure Linux into the spotlight, raising significant questions about software supply chain...
CVE-2023-38546: The libcurl Cookie Duplication Vulnerability Explained
A subtle but significant security vulnerability in libcurl's handle duplication mechanism has been patched in version 8.4.0, addressing CVE-2023-38546. This bug, which existed in the widely-used data...
CVE-2024-2398: Understanding the Curl HTTP/2 Memory Leak Vulnerability
The curl project's recent security advisory for CVE-2024-2398 reveals a deceptively simple yet potentially dangerous vulnerability in one of the internet's most fundamental software components. This...
CVE-2025-10148: Curl Flaw Confirmed in Azure Linux, But Are Other Microsoft Products Safe?
Microsoft has confirmed that its Azure Linux distribution is potentially vulnerable to CVE-2025-10148, a recently disclosed flaw in the curl library’s WebSocket implementation. The advisory,...
libcurl Bug Threatens Windows Apps with Crashes and Cookie Theft—Here’s How to Patch
In September 2025, the curl project disclosed CVE-2025-9086, an out-of-bounds read in libcurl that can crash applications and, in rare cases, let attackers overwrite secure cookies. The flaw touches...