curl
CVE Numbering Authority
Latest CVE published
Overview
curl is a CVE Numbering Authority that has published 26 CVE records since 2024. It is currently classified as active, with 25 CVEs published in the last two years. Its CVE data quality is graded F (57.7% overall completeness).
Among the 370 CNAs tracked here, curl ranks #224 by CVE volume and reports more complete records than 12% of all CNAs.
Data quality report card
How complete and consistent curl's CVE records are, scored across vendor, product, CVSS, and CWE coverage.
A CVE record only requires a description to be published. “Completeness” measures how often curl also fills in the optional — but extremely useful — fields that make a vulnerability actually actionable: the affected vendor and product, a CVSS severity score, and a CWE weakness type. A higher score means more of this CNA’s CVEs include those details, so defenders spend less time enriching records by hand.
Report card grade
57.7%
Overall score
What these scores mean
- Vendor completeness
- The share of this CNA's CVEs that name an affected vendor.
- Product completeness
- The share that name a specific affected product.
- CVSS completeness
- The share that include a CVSS severity score.
- CWE completeness
- The share mapped to a CWE weakness type.
- Update rate
- How often this CNA revises CVE records after first publishing them.
- Vendor diversity
- How many distinct vendors this CNA publishes CVEs for.
Severity and exploitation
How the CVSS severity of curl's published CVEs breaks down, and how many are known to be exploited in the wild.
In CISA’s Known Exploited Vulnerabilities catalog
0
None of curl's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.
Common weakness types
The CWE weakness categories curl most often assigns to its CVEs. Follow any weakness to its full explanation.
- CWE-295Improper Certificate Validation3 CVEs
- CWE-297Improper Validation of Certificate with Host Mismatch2 CVEs
- CWE-305Authentication Bypass by Primary Weakness2 CVEs
- CWE-436Interpretation Conflict1 CVE
- CWE-287Improper Authentication1 CVE
- CWE-522Insufficiently Protected Credentials1 CVE
- CWE-319Cleartext Transmission of Sensitive Information1 CVE
- CWE-416Use After Free1 CVE
Publishing activity by year
How many CVEs curl has published each year.
Top vendors
The vendors curl publishes the most CVEs for.
- haxx56 CVEs
- curl56 CVEs
- netapp9 CVEs
- apple4 CVEs
- Siemens3 CVEs
- fedoraproject2 CVEs
- debian2 CVEs
- zlib1 CVEs
Top products
The products curl publishes the most CVEs for.
- curl56 CVEs
- h500s8 CVEs
- h300s8 CVEs
- bootstrap os8 CVEs
- h410s firmware8 CVEs
- h300s firmware8 CVEs
- h410s8 CVEs
- h500s firmware8 CVEs
Latest CVEs
The most recent CVEs assigned by curl.
- CVE-2026-9547
SSH improper host validation
High · CVSS 7.4EPSS 0.5%2026-07-03 - CVE-2026-9546
sending old referer
High · CVSS 7.5EPSS 0.7%2026-07-03 - CVE-2026-9545
exposing HTTP/3 early data
High · CVSS 7.5EPSS 0.4%2026-07-03 - CVE-2026-9080
UAF after pause in socket callback
High · CVSS 7.3EPSS 0.5%2026-07-03 - CVE-2026-9079
stale proxy password leak
Critical · CVSS 9.8EPSS 1.1%2026-07-03 - CVE-2026-8932
incomplete mTLS config matching in conn reuse
High · CVSS 7.5EPSS 0.4%2026-07-03 - CVE-2026-8927
env-set cross-proxy Digest auth state leak
Critical · CVSS 9.1EPSS 0.8%2026-07-03 - CVE-2026-8926
password leak with netrc and user in URL
Critical · CVSS 9.1EPSS 0.6%2026-07-03 - CVE-2026-8925
SASL double-free
Critical · CVSS 9.8EPSS 1.1%2026-07-03 - CVE-2026-8924
trailing dot domain super cookie
Critical · CVSS 9.1EPSS 0.6%2026-07-03 - CVE-2026-8458
wrong reuse for different services
Medium · CVSS 6.5EPSS 0.5%2026-07-03 - CVE-2026-8286
wrong STARTTLS connection reuse
High · CVSS 8.1EPSS 0.5%2026-07-03
Track new curl CVEs as they are published and get AI-written analysis and remediation guidance.
Monitor curl CVEsOther CNAs
Compare data quality across other CVE Numbering Authorities.
Frequently asked questions
Common questions about the curl CNA.
- What is the curl CNA?
- curl is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 26 CVE records since 2024.
- How many CVEs has curl published?
- curl has published 26 CVE records, including 25 in the last two years.
- What is curl's CVE data quality grade?
- RadicalNotion.AI grades curl's CVE data quality as F, with an overall completeness score of 57.7%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (0%), and CWE (30.8%) information.
- What products does curl publish CVEs for?
- curl most frequently publishes CVEs for curl, h500s, h300s, bootstrap os, h410s firmware.
- Which vendors does curl cover?
- curl publishes CVEs across 1 distinct vendors, most often haxx, curl, netapp, apple, Siemens.
- Is curl actively publishing CVEs?
- curl is currently active, based on 25 CVEs in the last two years.
- How many critical CVEs has curl published?
- curl has published 8 critical-severity CVEs and 18 high-severity CVEs.
- Are any of curl's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- No. None of curl's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- What are the most common weakness types in curl's CVEs?
- curl's CVEs most often map to these CWE weakness types: CWE-295 (Improper Certificate Validation), CWE-297 (Improper Validation of Certificate with Host Mismatch), CWE-305 (Authentication Bypass by Primary Weakness), CWE-436 (Interpretation Conflict).
- How does curl rank among CNAs?
- By total CVE volume, curl ranks #224 of 370 CNAs, and it reports more complete CVE records than 12% of all CNAs.
References
- Official CVE.org list of CNA partners (opens in a new tab)
- Learn: What is a CNA?
- CWE directory: the weakness types this CNA maps its CVEs to
CNA report-card grades are computed by RadicalNotion.AI from published CVE records. CVE data is sourced from the CVE Program.
Track curl CVEs
Monitor new vulnerabilities as this CNA publishes them, with AI-written analysis and remediation guidance.