Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Ubuntu 22.04 LTS curl Important Network Exposure Advisory USN-8227-1

ubuntu
Calendar Grey May 4, 2026
Dist Ubuntu Esm H88
Critical Ubuntu curl advisory correcting multiple information leak risks due to improper connection handling. Update now!
curl could be made to expose sensitive information over the network.

Summary

curl could be made to expose sensitive information over the network.

Software Description:

- curl: HTTP, HTTPS, and FTP client and client libraries

Details:

It was discovered that curl incorrectly reused non-TLS connections when

TLS was required in some STARTTLS configurations. A remote attacker could

possibly use this issue to obtain sensitive information. (CVE-2026-4873)

It was discovered that curl incorrectly reused certain HTTP Negotiate

connections. A remote attacker could possibly use this issue to obtain

sensitive information. (CVE-2026-5545)

It was discovered that curl incorrectly reused certain SMB connections. A

remote attacker could possibly use this issue to obtain sensitive

information. (CVE-2026-5773)

It was discovered that curl could leak proxy credentials when handling

redirects in some configurations. A remote attacker could possibly use

this issue to obtain sensitive information. (CVE-2026-6253)

It was discovered that curl could leak cookies because of stal...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory information leak Ubuntu important curl network exposure

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  curl                            8.18.0-1ubuntu2.1
  libcurl3t64-gnutls              8.18.0-1ubuntu2.1
  libcurl4t64                     8.18.0-1ubuntu2.1

Ubuntu 25.10
  curl                            8.14.1-2ubuntu1.3
  libcurl3t64-gnutls              8.14.1-2ubuntu1.3
  libcurl4t64                     8.14.1-2ubuntu1.3

Ubuntu 24.04 LTS
  curl                            8.5.0-2ubuntu10.9
  libcurl3t64-gnutls              8.5.0-2ubuntu10.9
  libcurl4t64                     8.5.0-2ubuntu10.9

Ubuntu 22.04 LTS
  curl                            7.81.0-1ubuntu1.24
  libcurl3-gnutls                 7.81.0-1ubuntu1.24
  libcurl3-nss                    7.81.0-1ubuntu1.24
  libcurl4                        7.81.0-1ubuntu1.24

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8227-1

CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253,

CVE-2026-6276, CVE-2026-6429, CVE-2026-7168

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8227-1

Topics%20covered

Topics Covered

security advisory information leak Ubuntu important curl network exposure

Package Information

https://launchpad.net/ubuntu/+source/curl/8.18.0-1ubuntu2.1
https://launchpad.net/ubuntu/+source/curl/8.14.1-2ubuntu1.3
https://launchpad.net/ubuntu/+source/curl/8.5.0-2ubuntu10.9
https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.24

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here