CVE-2026-4873 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
curl	CNA	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 1%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
curl	curl	𝑥 ≤ 8.19.0	CNA
curl	curl	𝑥 ≤ 8.18.0	CNA
curl	curl	𝑥 ≤ 8.17.0	CNA
curl	curl	𝑥 ≤ 8.16.0	CNA
curl	curl	𝑥 ≤ 8.15.0	CNA
curl	curl	𝑥 ≤ 8.14.1	CNA
curl	curl	𝑥 ≤ 8.14.0	CNA
curl	curl	𝑥 ≤ 8.13.0	CNA
curl	curl	𝑥 ≤ 8.12.1	CNA
curl	curl	𝑥 ≤ 8.12.0	CNA
curl	curl	𝑥 ≤ 8.11.1	CNA
curl	curl	𝑥 ≤ 8.11.0	CNA
curl	curl	𝑥 ≤ 8.10.1	CNA
curl	curl	𝑥 ≤ 8.10.0	CNA
curl	curl	𝑥 ≤ 8.9.1	CNA
curl	curl	𝑥 ≤ 8.9.0	CNA
curl	curl	𝑥 ≤ 8.8.0	CNA
curl	curl	𝑥 ≤ 8.7.1	CNA
curl	curl	𝑥 ≤ 8.7.0	CNA
curl	curl	𝑥 ≤ 8.6.0	CNA
curl	curl	𝑥 ≤ 8.5.0	CNA
curl	curl	𝑥 ≤ 8.4.0	CNA
curl	curl	𝑥 ≤ 8.3.0	CNA
curl	curl	𝑥 ≤ 8.2.1	CNA
curl	curl	𝑥 ≤ 8.2.0	CNA
curl	curl	𝑥 ≤ 8.1.2	CNA
curl	curl	𝑥 ≤ 8.1.1	CNA
curl	curl	𝑥 ≤ 8.1.0	CNA
curl	curl	𝑥 ≤ 8.0.1	CNA
curl	curl	𝑥 ≤ 8.0.0	CNA
curl	curl	𝑥 ≤ 7.88.1	CNA
curl	curl	𝑥 ≤ 7.88.0	CNA
curl	curl	𝑥 ≤ 7.87.0	CNA
curl	curl	𝑥 ≤ 7.86.0	CNA
curl	curl	𝑥 ≤ 7.85.0	CNA
curl	curl	𝑥 ≤ 7.84.0	CNA
curl	curl	𝑥 ≤ 7.83.1	CNA
curl	curl	𝑥 ≤ 7.83.0	CNA
curl	curl	𝑥 ≤ 7.82.0	CNA
curl	curl	𝑥 ≤ 7.81.0	CNA
curl	curl	𝑥 ≤ 7.80.0	CNA
curl	curl	𝑥 ≤ 7.79.1	CNA
curl	curl	𝑥 ≤ 7.79.0	CNA
curl	curl	𝑥 ≤ 7.78.0	CNA
curl	curl	𝑥 ≤ 7.77.0	CNA
curl	curl	𝑥 ≤ 7.76.1	CNA
curl	curl	𝑥 ≤ 7.76.0	CNA
curl	curl	𝑥 ≤ 7.75.0	CNA
curl	curl	𝑥 ≤ 7.74.0	CNA
curl	curl	𝑥 ≤ 7.73.0	CNA
curl	curl	𝑥 ≤ 7.72.0	CNA
curl	curl	𝑥 ≤ 7.71.1	CNA
curl	curl	𝑥 ≤ 7.71.0	CNA
curl	curl	𝑥 ≤ 7.70.0	CNA
curl	curl	𝑥 ≤ 7.69.1	CNA
curl	curl	𝑥 ≤ 7.69.0	CNA
curl	curl	𝑥 ≤ 7.68.0	CNA
curl	curl	𝑥 ≤ 7.67.0	CNA
curl	curl	𝑥 ≤ 7.66.0	CNA
curl	curl	𝑥 ≤ 7.65.3	CNA
curl	curl	𝑥 ≤ 7.65.2	CNA
curl	curl	𝑥 ≤ 7.65.1	CNA
curl	curl	𝑥 ≤ 7.65.0	CNA
curl	curl	𝑥 ≤ 7.64.1	CNA
curl	curl	𝑥 ≤ 7.64.0	CNA
curl	curl	𝑥 ≤ 7.63.0	CNA
curl	curl	𝑥 ≤ 7.62.0	CNA
curl	curl	𝑥 ≤ 7.61.1	CNA
curl	curl	𝑥 ≤ 7.61.0	CNA
curl	curl	𝑥 ≤ 7.60.0	CNA
curl	curl	𝑥 ≤ 7.59.0	CNA
curl	curl	𝑥 ≤ 7.58.0	CNA
curl	curl	𝑥 ≤ 7.57.0	CNA
curl	curl	𝑥 ≤ 7.56.1	CNA
curl	curl	𝑥 ≤ 7.56.0	CNA
curl	curl	𝑥 ≤ 7.55.1	CNA
curl	curl	𝑥 ≤ 7.55.0	CNA
curl	curl	𝑥 ≤ 7.54.1	CNA
curl	curl	𝑥 ≤ 7.54.0	CNA
curl	curl	𝑥 ≤ 7.53.1	CNA
curl	curl	𝑥 ≤ 7.53.0	CNA
curl	curl	𝑥 ≤ 7.52.1	CNA
curl	curl	𝑥 ≤ 7.52.0	CNA
curl	curl	𝑥 ≤ 7.51.0	CNA
curl	curl	𝑥 ≤ 7.50.3	CNA
curl	curl	𝑥 ≤ 7.50.2	CNA
curl	curl	𝑥 ≤ 7.50.1	CNA
curl	curl	𝑥 ≤ 7.50.0	CNA
curl	curl	𝑥 ≤ 7.49.1	CNA
curl	curl	𝑥 ≤ 7.49.0	CNA
curl	curl	𝑥 ≤ 7.48.0	CNA
curl	curl	𝑥 ≤ 7.47.1	CNA
curl	curl	𝑥 ≤ 7.47.0	CNA
curl	curl	𝑥 ≤ 7.46.0	CNA
curl	curl	𝑥 ≤ 7.45.0	CNA
curl	curl	𝑥 ≤ 7.44.0	CNA
curl	curl	𝑥 ≤ 7.43.0	CNA
curl	curl	𝑥 ≤ 7.42.1	CNA
curl	curl	𝑥 ≤ 7.42.0	CNA
curl	curl	𝑥 ≤ 7.41.0	CNA
curl	curl	𝑥 ≤ 7.40.0	CNA
curl	curl	𝑥 ≤ 7.39.0	CNA
curl	curl	𝑥 ≤ 7.38.0	CNA
curl	curl	𝑥 ≤ 7.37.1	CNA
curl	curl	𝑥 ≤ 7.37.0	CNA
curl	curl	𝑥 ≤ 7.36.0	CNA
curl	curl	𝑥 ≤ 7.35.0	CNA
curl	curl	𝑥 ≤ 7.34.0	CNA
curl	curl	𝑥 ≤ 7.33.0	CNA
curl	curl	𝑥 ≤ 7.32.0	CNA
curl	curl	𝑥 ≤ 7.31.0	CNA
curl	curl	𝑥 ≤ 7.30.0	CNA
curl	curl	𝑥 ≤ 7.29.0	CNA
curl	curl	𝑥 ≤ 7.28.1	CNA
curl	curl	𝑥 ≤ 7.28.0	CNA
curl	curl	𝑥 ≤ 7.27.0	CNA
curl	curl	𝑥 ≤ 7.26.0	CNA
curl	curl	𝑥 ≤ 7.25.0	CNA
curl	curl	𝑥 ≤ 7.24.0	CNA
curl	curl	𝑥 ≤ 7.23.1	CNA
curl	curl	𝑥 ≤ 7.23.0	CNA
curl	curl	𝑥 ≤ 7.22.0	CNA
curl	curl	𝑥 ≤ 7.21.7	CNA
curl	curl	𝑥 ≤ 7.21.6	CNA
curl	curl	𝑥 ≤ 7.21.5	CNA
curl	curl	𝑥 ≤ 7.21.4	CNA
curl	curl	𝑥 ≤ 7.21.3	CNA
curl	curl	𝑥 ≤ 7.21.2	CNA
curl	curl	𝑥 ≤ 7.21.1	CNA
curl	curl	𝑥 ≤ 7.21.0	CNA
curl	curl	𝑥 ≤ 7.20.1	CNA
curl	curl	𝑥 ≤ 7.20.0	CNA

Debian Releases

Debian Product

Codename

curl

bookworm	no-dsa
bookworm (security)	vulnerable
bullseye	postponed
bullseye (security)	vulnerable
forky	8.20.0-1 fixed
sid	8.20.0-1 fixed
trixie	no-dsa

Ubuntu Releases

Ubuntu Product

Codename

curl

bionic	needed
focal	needed
jammy	Fixed 7.81.0-1ubuntu1.24 released
noble	Fixed 8.5.0-2ubuntu10.9 released
questing	Fixed 8.14.1-2ubuntu1.3 released
resolute	Fixed 8.18.0-1ubuntu2.1 released
trusty	needed
xenial	needed

openSUSE / SLES Releases

openSUSE Product

Release

curl

suse enterprise sap 15 SP4	8.14.1-150400.5.83.1 fixed
suse enterprise sap 15 SP5	8.14.1-150400.5.83.1 fixed
suse enterprise server 15 SP4	8.14.1-150400.5.83.1 fixed
suse enterprise server 15 SP5	8.14.1-150400.5.83.1 fixed

libcurl-devel

suse enterprise sap 15 SP4	8.14.1-150400.5.83.1 fixed
suse enterprise sap 15 SP5	8.14.1-150400.5.83.1 fixed
suse enterprise server 15 SP4	8.14.1-150400.5.83.1 fixed
suse enterprise server 15 SP5	8.14.1-150400.5.83.1 fixed

libcurl4

suse enterprise sap 15 SP4	8.14.1-150400.5.83.1 fixed
suse enterprise sap 15 SP5	8.14.1-150400.5.83.1 fixed
suse enterprise server 15 SP4	8.14.1-150400.5.83.1 fixed
suse enterprise server 15 SP5	8.14.1-150400.5.83.1 fixed

libcurl4-32bit

suse enterprise sap 15 SP4	8.14.1-150400.5.83.1 fixed
suse enterprise sap 15 SP5	8.14.1-150400.5.83.1 fixed
suse enterprise server 15 SP4	8.14.1-150400.5.83.1 fixed
suse enterprise server 15 SP5	8.14.1-150400.5.83.1 fixed

Common Weakness Enumeration

CWE-319 - Cleartext Transmission of Sensitive Information
The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Vulnerability Media Exposure

[GERMAN] cURL: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in cURL ausnutzen, um Sicherheitsvorkehrungen zu umgehen, vertrauliche Informationen offenzulegen oder Daten zu manipulieren.
Published: 2026-04-28T22:00:00+00:00

References

https://curl.se/docs/CVE-2026-4873.html

https://curl.se/docs/CVE-2026-4873.json

https://hackerone.com/reports/3621851

http://www.openwall.com/lists/oss-security/2026/04/29/7