Curl has released a major update that patches 18 vulnerabilities, including CVE-2026-8932, a flaw introduced in version 7.7 from 2001 that could allow authentication bypass in libcurl applications. The update was prompted by community research and AI-assisted discovery from Anthropic’s Mythos and Aisle, highlighting risks in long-forgotten code paths across the widely used tool.
Key points
- Curl patched 18 vulnerabilities in a single release.
- CVE-2026-8932 dates back to version 7.7 from 2001.
- The flaw could let libcurl reuse a connection and bypass authentication.
- Aisle identified multiple curl and libcurl weaknesses using its AI platform.
- No public in-the-wild exploitation of curl vulnerabilities has been reported.
Read More: https://www.securityweek.com/25-year-old-vulnerability-patched-in-curl/