Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Fedora 43 curl Important Token Leak SMB Fix Advisory FEDORA-2026-66db242036

fedora
Calendar Grey April 22, 2026
Dist Fedora Esm H88
Multiple critical fixes for curl in Fedora 43 include token leak and connection reuse issues to avoid serious exploits.
Fix bad reuse of HTTP Negotiate connection (CVE-2026-1965) Fix token leak with redirect and netrc (CVE-2026-3783) Fix wrong proxy connection reuse with credentials (CVE-2026-3784) ...

Summary

curl is a command line tool for transferring data with URL syntax, supporting

FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,

SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP

uploading, HTTP form based upload, proxies, cookies, user+password

authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer

resume, proxy tunneling and a busload of other useful tricks.

Update Information:

Fix bad reuse of HTTP Negotiate connection (CVE-2026-1965) Fix token leak with redirect and netrc (CVE-2026-3783) Fix wrong proxy connection reuse with credentials (CVE-2026-3784) Fix use after free in SMB connection reuse (CVE-2026-3805)

Topics%20covered

Topics Covered

security advisory fedora buffer overflow arbitrary code execution important curl

Change Log

* Mon Apr 13 2026 Jan Macku - 8.15.0-6 - fix bad reuse of HTTP Negotiate connection (CVE-2026-1965) - fix token leak with redirect and netrc (CVE-2026-3783) - fix wrong proxy connection reuse with credentials (CVE-2026-3784) - fix use after free in SMB connection reuse (CVE-2026-3805)

References


[ 1 ] Bug #2446465 - CVE-2026-3805 curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2446465 [ 2 ] Bug #2446480 - CVE-2026-3783 curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2446480 [ 3 ] Bug #2446495 - CVE-2026-3784 curl: curl: Unauthorized access due to improper HTTP proxy connection reuse [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2446495 [ 4 ] Bug #2446511 - CVE-2026-1965 curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2446511

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-66db242036' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: curl
Product: Fedora 43
Version: 8.15.0
Release: 6.fc43
URL: https://curl.se/
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)

Topics%20covered

Topics Covered

security advisory fedora buffer overflow arbitrary code execution important curl

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here