Curl Patches 25-Year-Old Vulnerability in Major Security Update

Curl has released a significant update fixing 18 vulnerabilities, including a critical flaw that has existed for over 25 years. This vulnerability, identified as CVE-2026-8932, was first introduced in curl version 7.7 on March 22, 2001. The update addresses issues related to authentication bypass, memory safety, and host validation in libcurl. The long-standing bug highlights the importance of regular security audits in widely used open-source software. Users of curl are advised to update their systems to mitigate potential risks associated with these vulnerabilities. This release marks the largest number of CVEs fixed in a single curl version to date.

Key Points: • Curl fixed 18 vulnerabilities, including a 25-year-old flaw (CVE-2026-8932). • The vulnerabilities span critical issues like authentication bypass and memory safety. • Users are urged to update their systems to protect against these vulnerabilities.