CLSA-2026-1774259901
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.5els/CLSA-2026-1774259901.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2026-1774259901
- Upstream
- Published
- 2026-03-23T09:58:29Z
- Modified
- 2026-06-01T00:33:23.373185372Z
- Summary
- curl: Fix of 3 CVEs
- Details
-
- CVE-2026-1965: fix incorrect connection reuse; prevent reuse of Negotiate- authenticated connections with different credentials and require authentication identity match
- CVE-2026-3784: fix wrong proxy connection reuse with different credentials; check proxy user/password in proxyinfomatches to prevent reuse of HTTP proxy CONNECT connections when credentials differ
- CVE-2026-3783: prevent bearer token leak on HTTP(S) redirect when .netrc contains entries for the redirected host
- References
Affected packages
TuxCare:CentOS:8.5 / curl
Package
- Name
- curl
- Purl
- pkg:rpm/tuxcare/curl?distro=centos-8.5
TuxCare:CentOS:8.5 / curl-minimal
Package
- Name
- curl-minimal
- Purl
- pkg:rpm/tuxcare/curl-minimal?distro=centos-8.5
TuxCare:CentOS:8.5 / libcurl
Package
- Name
- libcurl
- Purl
- pkg:rpm/tuxcare/libcurl?distro=centos-8.5
TuxCare:CentOS:8.5 / libcurl-devel
Package
- Name
- libcurl-devel
- Purl
- pkg:rpm/tuxcare/libcurl-devel?distro=centos-8.5