curl 8.15

Status EOLSupport 2025-07 – 2025-09Latest 8.15.0Vulnerabilities 16← All curl versions
High 7.5 Unfixed
2026-03-11≤ 8.15.0

use after free in SMB connection reuse

CVE
High 7.5 Unfixed
2025-09-12≤ 8.15.0

Out of bounds read for cookie path

CVE
Medium 6.5 Unfixed
2026-03-11≤ 8.15.0

wrong proxy connection reuse with credentials

CVE
Medium 6.5 Unfixed
2026-03-11≤ 8.15.0

bad reuse of HTTP Negotiate connection

CVE
Medium 6.3 Unfixed
2026-01-08≤ 8.15.0

broken TLS options for threaded LDAPS

CVE
Medium 5.9 Unfixed
2026-01-08≤ 8.15.0

No QUIC certificate pinning with GnuTLS

CVE
Medium 5.3 Unfixed
2026-04-29≤ 8.15.0

curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies

CVE
Medium 5.3 Unfixed
2026-04-29≤ 8.15.0

curl: curl: Information disclosure due to incorrect TLS connection reuse

CVE
Medium 5.3 Unfixed
2026-03-11≤ 8.15.0

token leak with redirect and netrc

CVE
Medium 5.3 Unfixed
2026-01-08≤ 8.15.0

libssh global known_hosts override

CVE
Medium 5.3 Unfixed
2026-01-08≤ 8.15.0

OpenSSL partial chain store policy bypass

CVE
Medium 5.3 Unfixed
2026-01-08≤ 8.15.0

bearer token leak on cross-protocol redirect

CVE
Medium 5.3 Unfixed
2025-09-12≤ 8.15.0

predictable WebSocket mask

CVE
Medium 4.6 Unfixed
2026-02-25≤ 8.15.0

wcurl path traversal with percent-encoded slashes

CVE
Medium 4.3 Unfixed
2025-11-07≤ 8.15.0

missing SFTP host verification with wolfSSH

CVE
Low 3.1 Unfixed
2026-01-08≤ 8.15.0

libssh key passphrase bypass without agent set

CVE