Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Ubuntu 20.04 curl Critical Authentication Issues USN-8099-1 CVE-2026-1965

ubuntu
Calendar Grey March 16, 2026
Dist Ubuntu Esm H88
Several critical security issues fixed in curl for Ubuntu 20.04 and 18.04 that could lead to credential leaks and unauthorized access.
Several security issues were fixed in curl.

Summary

Several security issues were fixed in curl.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

Zhicheng Chen discovered that curl could incorrectly reuse the wrong

connection for Negotiate-authenticated HTTP or HTTPS requests. This could

result in the use of credentials from a different connection, contrary to

expectations. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-1965)

It was discovered that curl incorrectly leaked OAuth2 bearer tokens when

following a redirect. This could result in tokens being sent to the wrong

host, contrary to expectations. This issue only affected Ubuntu 20.04 LTS.

(CVE-2026-3783)

Muhamad Arga Reksapati discovered that curl incorrectly reused existing

HTTP proxy connections even if the request used different credentials. This

could result in the use of incorrect credentials, contrary to expectations.

(CVE-2026-3784)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  curl                            7.68.0-1ubuntu2.25+esm3
                                  Available with Ubuntu Pro
  libcurl3-gnutls                 7.68.0-1ubuntu2.25+esm3
                                  Available with Ubuntu Pro
  libcurl3-nss                    7.68.0-1ubuntu2.25+esm3
                                  Available with Ubuntu Pro
  libcurl4                        7.68.0-1ubuntu2.25+esm3
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  curl                            7.58.0-2ubuntu3.24+esm8
                                  Available with Ubuntu Pro
  libcurl3-gnutls                 7.58.0-2ubuntu3.24+esm8
                                  Available with Ubuntu Pro
  libcurl3-nss                    7.58.0-2ubuntu3.24+esm8
                                  Available with Ubuntu Pro
  libcurl4                        7.58.0-2ubuntu3.24+esm8
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8099-1

CVE-2026-1965, CVE-2026-3783, CVE-2026-3784

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8099-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here