Multiple curl Vulnerabilities Expose Sensitive Information

Severity: Medium (Score: 57.8)

Sources: Ubuntu, Linuxsecurity

Summary

Multiple vulnerabilities have been discovered in curl, affecting various Ubuntu releases including 22.04 LTS, 24.04 LTS, 25.10, and 26.04 LTS. These vulnerabilities allow remote attackers to potentially obtain sensitive information through improper connection handling. Specific issues include the incorrect reuse of non-TLS connections when TLS is required (CVE-2026-4873), HTTP Negotiate connections (CVE-2026-5545), and SMB connections (CVE-2026-5773). Additionally, curl could leak proxy credentials and other sensitive data under certain configurations (CVE-2026-6253, CVE-2026-6276, CVE-2026-6429, CVE-2026-7168). Users are advised to update their systems to mitigate these risks. The vulnerabilities were disclosed on May 4, 2026, and are considered serious due to the potential for information exposure.

Key Points

  • Multiple vulnerabilities in curl can expose sensitive information over the network.
  • Affected Ubuntu versions include 22.04 LTS, 24.04 LTS, 25.10, and 26.04 LTS.
  • Users are urged to update their systems to the latest package versions to mitigate risks.

Key Entities

  • Data Breach (attack_type)
  • CVE-2026-4873 (cve)
  • CVE-2026-5545 (cve)
  • CVE-2026-5773 (cve)
  • CVE-2026-6253 (cve)
  • CVE-2026-6276 (cve)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • Ubuntu (company)