THE open-source tool curl has been updated to address 18 vulnerabilities, including one that has persisted for 25 years. Of the 18 flaws, four are classified as medium severity and fourteen as low severity, with the most notable being CVE-2026-8932, which could lead to authentication bypass. The vulnerabilities were identified through a community effort, including the utilization of AI technology by vulnerability management firm Aisle.
Other notable vulnerabilities include credential confusion and use-after-free issues. Despite the large user base of over 30 billion devices, no successful exploitation of these flaws has been reported in the wild. The update represents the largest number of CVEs patched in a single curl release.