Multiple Vulnerabilities Discovered in curl Affecting Ubuntu Systems

Multiple Vulnerabilities Discovered in curl Affecting Ubuntu Systems

First seen 1 Jul 2026, 03:25 UTC UbuntuLinuxsecurity 94% similarity 57.8
Share:

Article Content

Browse articles
ThreatCluster

A series of vulnerabilities in curl have been identified, affecting multiple versions of Ubuntu, including 18.04 LTS, 20.04 LTS, 22.04 LTS, 24.04 LTS, 25.10, and 26.04 LTS. The vulnerabilities allow remote attackers to exploit connection reuse and cookie parsing issues, potentially leading to unauthorized access and denial of service. Key vulnerabilities include CVE-2026-8286, which allows unintended TLS configurations during STARTTLS upgrades, and CVE-2026-8458, which enables access to resources authenticated for different services. Additionally, CVE-2026-8924 involves improper cookie handling that could expose users to third-party domains. The vulnerabilities have been patched, and users are advised to update their systems immediately.

Key Points: • curl vulnerabilities affect multiple Ubuntu LTS versions, including 18.04 to 26.04. • CVE-2026-8286 allows unintended TLS configurations during connection upgrades. • Users are urged to update their systems to mitigate security risks.

ThreatCluster AI

Timeline

2026-06-30
Ubuntu security notice USN-8487-1 released
Ubuntu published a security notice detailing vulnerabilities in curl, including CVE-2026-8286 and CVE-2026-8458.
Ubuntu
2026-07-01
Linuxsecurity reports on curl vulnerabilities
Linuxsecurity published an advisory on the vulnerabilities found in curl, urging users to update their systems.
Linuxsecurity

Community

Browse all →