Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42 curl Critical Authentication Fixes 2026-907bbf2a13

fedora
Calendar Grey April 19, 2026
Dist Fedora Esm H88
Multiple fixes for curl vulnerabilities in Fedora 42, ensuring safe data transfers and preventing unauthorized access issues.
fix bad reuse of HTTP Negotiate connection (CVE-2026-1965) fix token leak with redirect and netrc (CVE-2026-3783) fix wrong proxy connection reuse with credentials (CVE-2026-3784) ...

Summary

curl is a command line tool for transferring data with URL syntax, supporting

FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,

SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP

uploading, HTTP form based upload, proxies, cookies, user+password

authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer

resume, proxy tunneling and a busload of other useful tricks.

Update Information:

fix bad reuse of HTTP Negotiate connection (CVE-2026-1965) fix token leak with redirect and netrc (CVE-2026-3783) fix wrong proxy connection reuse with credentials (CVE-2026-3784) fix use after free in SMB connection reuse (CVE-2026-3805)

Topics%20covered

Topics Covered

security advisory denial of service fedora information disclosure curl HTTP response

Change Log

* Tue Apr 14 2026 Jan Macku - 8.11.1-8 - fix bad reuse of HTTP Negotiate connection (CVE-2026-1965) - fix token leak with redirect and netrc (CVE-2026-3783) - fix wrong proxy connection reuse with credentials (CVE-2026-3784) - fix use after free in SMB connection reuse (CVE-2026-3805)

References


[ 1 ] Bug #2446457 - CVE-2026-3805 curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2446457 [ 2 ] Bug #2446472 - CVE-2026-3783 curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2446472 [ 3 ] Bug #2446488 - CVE-2026-3784 curl: curl: Unauthorized access due to improper HTTP proxy connection reuse [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2446488 [ 4 ] Bug #2446504 - CVE-2026-1965 curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2446504

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-907bbf2a13' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: curl
Product: Fedora 42
Version: 8.11.1
Release: 8.fc42
URL: https://curl.se/
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)

Topics%20covered

Topics Covered

security advisory denial of service fedora information disclosure curl HTTP response

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here