curl 8.13

Status EOLSupport 2025-04 – 2025-05Latest 8.13.0Vulnerabilities 18← All curl versions
High 7.5 Unfixed
2026-03-11≤ 8.13.0

use after free in SMB connection reuse

CVE
High 7.5 Unfixed
2025-09-12≤ 8.13.0

Out of bounds read for cookie path

CVE
High 7.5 Unfixed
2025-06-07≤ 8.13.0

WebSocket endless loop

CVE
Medium 6.5 Unfixed
2026-03-11≤ 8.13.0

wrong proxy connection reuse with credentials

CVE
Medium 6.5 Unfixed
2026-03-11≤ 8.13.0

bad reuse of HTTP Negotiate connection

CVE
Medium 6.5 Unfixed
2025-05-28≤ 8.13.0

QUIC certificate check skip with wolfSSL

CVE
Medium 6.3 Unfixed
2026-01-08≤ 8.13.0

broken TLS options for threaded LDAPS

CVE
Medium 5.9 Unfixed
2026-01-08≤ 8.13.0

No QUIC certificate pinning with GnuTLS

CVE
Medium 5.3 Unfixed
2026-04-29≤ 8.13.0

curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies

CVE
Medium 5.3 Unfixed
2026-04-29≤ 8.13.0

curl: curl: Information disclosure due to incorrect TLS connection reuse

CVE
Medium 5.3 Unfixed
2026-03-11≤ 8.13.0

token leak with redirect and netrc

CVE
Medium 5.3 Unfixed
2026-01-08≤ 8.13.0

libssh global known_hosts override

CVE
Medium 5.3 Unfixed
2026-01-08≤ 8.13.0

OpenSSL partial chain store policy bypass

CVE
Medium 5.3 Unfixed
2026-01-08≤ 8.13.0

bearer token leak on cross-protocol redirect

CVE
Medium 5.3 Unfixed
2025-09-12≤ 8.13.0

predictable WebSocket mask

CVE
Medium 4.8 Unfixed
2025-05-28≤ 8.13.0

No QUIC certificate pinning with wolfSSL

CVE
Medium 4.3 Unfixed
2025-11-07≤ 8.13.0

missing SFTP host verification with wolfSSH

CVE
Low 3.1 Unfixed
2026-01-08≤ 8.13.0

libssh key passphrase bypass without agent set

CVE