curl 8.14

Status EOLSupport 2025-05 – 2025-07Latest 8.14.1Vulnerabilities 17← All curl versions
High 7.5 Unfixed
2026-03-11≤ 8.14.1

use after free in SMB connection reuse

CVE
High 7.5 Unfixed
2025-09-12≤ 8.14.1

Out of bounds read for cookie path

CVE
High 7.5 Unfixed
2025-06-07≤ 8.14.1

WebSocket endless loop

CVE
Medium 6.5 Unfixed
2026-03-11≤ 8.14.1

wrong proxy connection reuse with credentials

CVE
Medium 6.5 Unfixed
2026-03-11≤ 8.14.1

bad reuse of HTTP Negotiate connection

CVE
Medium 6.3 Unfixed
2026-01-08≤ 8.14.1

broken TLS options for threaded LDAPS

CVE
Medium 5.9 Unfixed
2026-01-08≤ 8.14.1

No QUIC certificate pinning with GnuTLS

CVE
Medium 5.3 Unfixed
2026-04-29≤ 8.14.1

curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies

CVE
Medium 5.3 Unfixed
2026-04-29≤ 8.14.1

curl: curl: Information disclosure due to incorrect TLS connection reuse

CVE
Medium 5.3 Unfixed
2026-03-11≤ 8.14.1

token leak with redirect and netrc

CVE
Medium 5.3 Unfixed
2026-01-08≤ 8.14.1

libssh global known_hosts override

CVE
Medium 5.3 Unfixed
2026-01-08≤ 8.14.1

OpenSSL partial chain store policy bypass

CVE
Medium 5.3 Unfixed
2026-01-08≤ 8.14.1

bearer token leak on cross-protocol redirect

CVE
Medium 5.3 Unfixed
2025-09-12≤ 8.14.1

predictable WebSocket mask

CVE
Medium 4.6 Unfixed
2026-02-25≤ 8.14.1

wcurl path traversal with percent-encoded slashes

CVE
Medium 4.3 Unfixed
2025-11-07≤ 8.14.1

missing SFTP host verification with wolfSSH

CVE
Low 3.1 Unfixed
2026-01-08≤ 8.14.1

libssh key passphrase bypass without agent set

CVE