18 CVEs fixed in Curl 8.21.0
7 hours ago
- #security
- #vulnerabilities
- #curl
- curl 8.21.0 release includes 18 new vulnerabilities announced by Daniel Stenberg.
- Vulnerabilities span various severities: LOW and MEDIUM, with no CRITICAL issues listed.
- Issues cover multiple areas: connection reuse, authentication leaks, memory safety (UAF/double-free), and protocol-specific flaws (HTTP/2, QUIC, SSH, etc.).
- Each CVE includes a title, severity, and a link to detailed documentation on curl.se.
- The announcement was made via the curl-library mailing list on June 24, 2026.