Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves 10 vulnerabilities can now be installed.. # Security update for curl Announcement ID: SUSE-SU-2026:22553-1 Release Date: 2026-07-08T13:45:27Z Rating: important References: * bsc#1268402 * bsc#1268407 * bsc#1268409 * bsc#1268413 * bsc#1268415 * bsc#1268416 * bsc#1268417 * bsc#1268420 * bsc#1268422 * bsc#1268427 Cross-References: * CVE-2026-10536 * CVE-2026-12064 * CVE-2026-8286 * CVE-2026-8458 * CVE-2026-8924 * CVE-2026-8927 * CVE-2026-9079 * CVE-2026-9080 * CVE-2026-9545 * CVE-2026-9547 CVSS scores: * CVE-2026-10536 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-10536 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-10536 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-12064 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-12064 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-12064 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-8286 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-8286 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-8286 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-8458 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-8458 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N * CVE-2026-8458 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-8924 ( SUSE ): 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-8924 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N * CVE-2026-8924 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-8927 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-8927 ( SUSE ): 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-8927 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-9079 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-9079 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-9079 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-9080 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-9080 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-9080 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2026-9545 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2026-9545 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-9545 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2026-9547 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-9547 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-9547 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: * SUSE Linux Micro 6.2 An update that solves 10 vulnerabilities can now be installed. ## Description: This update for curl fixes the following issues * CVE-2026-8286: wrong STARTTLS connection reuse (bsc#1268402). * CVE-2026-8458: wrong reuse for different services (bsc#1268407). * CVE-2026-8924: traling dot domain super cookie (bsc#1268409). * CVE-2026-8927: env-set cross-proxy Digest auth state leak (bsc#1268413). * CVE-2026-9079: stale proxy password leak (bsc#1268415). * CVE-2026-9080: UAF after pause in socket callback (bsc#1268416). * CVE-2026-9545: exposing HTTP/3 early data (bsc#1268417). * CVE-2026-9547: SSH improper host validation (bsc#1268420). * CVE-2026-10536: HTTP/2 stream-dependency tree UAF (bsc#1268422). * CVE-2026-12064: proto-default skips SSH verification (bsc#1268427). ## Patch Instructions: To install thisSUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-1187=1 ## Package List: * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64) * libcurl4-8.14.1-160000.8.1 * curl-debuginfo-8.14.1-160000.8.1 * curl-debugsource-8.14.1-160000.8.1 * curl-8.14.1-160000.8.1 * libcurl4-debuginfo-8.14.1-160000.8.1 ## References: * https://www.suse.com/security/cve/CVE-2026-10536.html * https://www.suse.com/security/cve/CVE-2026-12064.html * https://www.suse.com/security/cve/CVE-2026-8286.html * https://www.suse.com/security/cve/CVE-2026-8458.html * https://www.suse.com/security/cve/CVE-2026-8924.html * https://www.suse.com/security/cve/CVE-2026-8927.html * https://www.suse.com/security/cve/CVE-2026-9079.html * https://www.suse.com/security/cve/CVE-2026-9080.html * https://www.suse.com/security/cve/CVE-2026-9545.html * https://www.suse.com/security/cve/CVE-2026-9547.html * https://bugzilla.suse.com/show_bug.cgi?id=1268402 * https://bugzilla.suse.com/show_bug.cgi?id=1268407 * https://bugzilla.suse.com/show_bug.cgi?id=1268409 * https://bugzilla.suse.com/show_bug.cgi?id=1268413 * https://bugzilla.suse.com/show_bug.cgi?id=1268415 * https://bugzilla.suse.com/show_bug.cgi?id=1268416 * https://bugzilla.suse.com/show_bug.cgi?id=1268417 * https://bugzilla.suse.com/show_bug.cgi?id=1268420 * https://bugzilla.suse.com/show_bug.cgi?id=1268422 * https://bugzilla.suse.com/show_bug.cgi?id=1268427 . A security update for curl addresses 10 vulnerabilities, enhancing protection for SUSE users and supporting prompt installations.. SUSE update,curl security,important patch,curl vulnerabilities. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.