CURL has released a significant update addressing 18 vulnerabilities, including one that has persisted for 25 years. These issues cover problems such as authentication bypass, memory safety, and improper host validation affecting libcurl, which serves over 30 billion devices. Notably, the oldest issue tracked as CVE-2026-8932 relates to connection reuse, where changes to client certificates may not be respected.
The findings, analyzed by AISLE, highlight the effectiveness of AI-assisted detection in identifying these vulnerabilities, which range from credential handling issues to double frees and use-after-free bugs. Despite the extensive nature of these vulnerabilities, there are currently no confirmed instances of exploitation.