{"id":"USN-8487-1","summary":"curl vulnerabilities","details":"Andrew Nesbitt discovered that curl could reuse an existing live\nconnection during STARTTLS-based connection upgrades even when the TLS\nconfiguration did not match. A remote attacker could possibly use this\nissue to cause curl to use an unintended TLS configuration.\n(CVE-2026-8286)\n\nMuhamad Arga Reksapati discovered that curl incorrectly reused\nconnections for Negotiate-authenticated requests when different services\nwere involved. A remote attacker could possibly use this issue to access\nresources authenticated for another service. This issue only affected\nUbuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS,\nUbuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-8458)\n\nIt was discovered that curl incorrectly handled cookie parsing in\ncertain circumstances. A remote attacker could possibly use this issue\nto set cookies that would be transmitted to unrelated third-party\ndomains. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,\nUbuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and\nUbuntu 26.04 LTS. (CVE-2026-8924)\n\nJoshua Rogers discovered that curl could double-free a GSASL context\nwhen handling SASL authentication. A remote attacker could possibly use\nthis issue to cause a denial of service, or execute arbitrary code. This\nissue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and\nUbuntu 26.04 LTS. (CVE-2026-8925)\n\nJoshua Rogers discovered that curl could select the wrong password from\na .netrc file when a username was specified in the URL without a\npassword. A remote attacker could possibly use this issue to obtain\nsensitive information. This issue only affected Ubuntu 25.10 and Ubuntu\n26.04 LTS. (CVE-2026-8926)\n\nAdy Elouej discovered that curl did not clear proxy authentication\nstate between requests when reusing a handle with environment-variable\nproxy configuration. A remote attacker could possibly use this issue to\nobtain sensitive credentials. (CVE-2026-8927)\n\nGuannan Wang, Zhanpeng Liu, Jiashuo Liang, and Guancheng Li discovered\nthat curl did not properly clear proxy authentication credentials when\ninstructed to do so. A remote attacker could possibly use this issue to\nobtain sensitive credentials. This issue only affected Ubuntu 25.10 and\nUbuntu 26.04 LTS. (CVE-2026-9079)\n\nJoshua Rogers discovered that curl contained a use-after-free when\ncurl_easy_pause() was called within the event-based socket callback. A\nremote attacker could possibly use this issue to cause a denial of service\nor possibly execute arbitrary code. This issue only affected Ubuntu 25.10\nand Ubuntu 26.04 LTS. (CVE-2026-9080)\n\nEunsoo Kim discovered that curl could send early data on a resumed TLS\nsession before enforcing certificate verification failure. A\nmachine-in-the-middle attacker could possibly use this issue to obtain\nsensitive information. This issue only affected Ubuntu 25.10 and Ubuntu\n26.04 LTS. (CVE-2026-9545)\n\nJoshua Rogers discovered that curl did not properly reject host key\ntype mismatches when using the SSH key callback for SCP and SFTP\ntransfers. A machine-in-the-middle attacker could possibly use this\nissue to impersonate a trusted server. This issue only affected Ubuntu\n22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS.\n(CVE-2026-9547)","modified":"2026-07-08T09:45:31.141391808Z","published":"2026-06-30T21:34:21Z","related":["UBUNTU-CVE-2026-8286","UBUNTU-CVE-2026-8458","UBUNTU-CVE-2026-8924","UBUNTU-CVE-2026-8925","UBUNTU-CVE-2026-8926","UBUNTU-CVE-2026-8927","UBUNTU-CVE-2026-9079","UBUNTU-CVE-2026-9080","UBUNTU-CVE-2026-9545","UBUNTU-CVE-2026-9547"],"upstream":["UBUNTU-CVE-2026-8286","UBUNTU-CVE-2026-8458","UBUNTU-CVE-2026-8924","UBUNTU-CVE-2026-8925","UBUNTU-CVE-2026-8926","UBUNTU-CVE-2026-8927","UBUNTU-CVE-2026-9079","UBUNTU-CVE-2026-9080","UBUNTU-CVE-2026-9545","UBUNTU-CVE-2026-9547"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8487-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-8286"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-8458"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-8924"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-8925"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-8926"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-8927"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-9079"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-9080"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-9545"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-9547"}],"affected":[{"package":{"name":"curl","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/curl?arch=source&distro=esm-infra-legacy%2Ftrusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.35.0-1ubuntu2.20+esm20"}]}],"versions":["7.32.0-1ubuntu1","7.33.0-1ubuntu1","7.34.0-1ubuntu1","7.35.0-1ubuntu1","7.35.0-1ubuntu2","7.35.0-1ubuntu2.1","7.35.0-1ubuntu2.2","7.35.0-1ubuntu2.3","7.35.0-1ubuntu2.5","7.35.0-1ubuntu2.6","7.35.0-1ubuntu2.7","7.35.0-1ubuntu2.8","7.35.0-1ubuntu2.9","7.35.0-1ubuntu2.10","7.35.0-1ubuntu2.11","7.35.0-1ubuntu2.12","7.35.0-1ubuntu2.13","7.35.0-1ubuntu2.14","7.35.0-1ubuntu2.15","7.35.0-1ubuntu2.16","7.35.0-1ubuntu2.17","7.35.0-1ubuntu2.19","7.35.0-1ubuntu2.20","7.35.0-1ubuntu2.20+esm2","7.35.0-1ubuntu2.20+esm3","7.35.0-1ubuntu2.20+esm4","7.35.0-1ubuntu2.20+esm5","7.35.0-1ubuntu2.20+esm6","7.35.0-1ubuntu2.20+esm7","7.35.0-1ubuntu2.20+esm8","7.35.0-1ubuntu2.20+esm9","7.35.0-1ubuntu2.20+esm10","7.35.0-1ubuntu2.20+esm11","7.35.0-1ubuntu2.20+esm12","7.35.0-1ubuntu2.20+esm13","7.35.0-1ubuntu2.20+esm14","7.35.0-1ubuntu2.20+esm15","7.35.0-1ubuntu2.20+esm16","7.35.0-1ubuntu2.20+esm17","7.35.0-1ubuntu2.20+esm18","7.35.0-1ubuntu2.20+esm19"],"ecosystem_specific":{"binaries":[{"binary_name":"curl","binary_version":"7.35.0-1ubuntu2.20+esm20"},{"binary_version":"7.35.0-1ubuntu2.20+esm20","binary_name":"libcurl3"},{"binary_version":"7.35.0-1ubuntu2.20+esm20","binary_name":"libcurl3-gnutls"},{"binary_name":"libcurl3-nss","binary_version":"7.35.0-1ubuntu2.20+esm20"}],"availability":"Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8487-1.json","cves_map":{"cves":[{"id":"CVE-2026-8286","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-8927","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:14.04:LTS"}}},{"package":{"name":"curl","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/curl?arch=source&distro=esm-infra-legacy%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.47.0-1ubuntu2.19+esm16"}]}],"versions":["7.43.0-1ubuntu2","7.45.0-1ubuntu1","7.46.0-1ubuntu1","7.47.0-1ubuntu1","7.47.0-1ubuntu2","7.47.0-1ubuntu2.1","7.47.0-1ubuntu2.2","7.47.0-1ubuntu2.3","7.47.0-1ubuntu2.4","7.47.0-1ubuntu2.5","7.47.0-1ubuntu2.6","7.47.0-1ubuntu2.7","7.47.0-1ubuntu2.8","7.47.0-1ubuntu2.9","7.47.0-1ubuntu2.11","7.47.0-1ubuntu2.12","7.47.0-1ubuntu2.13","7.47.0-1ubuntu2.14","7.47.0-1ubuntu2.15","7.47.0-1ubuntu2.16","7.47.0-1ubuntu2.18","7.47.0-1ubuntu2.19","7.47.0-1ubuntu2.19+esm1","7.47.0-1ubuntu2.19+esm2","7.47.0-1ubuntu2.19+esm3","7.47.0-1ubuntu2.19+esm4","7.47.0-1ubuntu2.19+esm5","7.47.0-1ubuntu2.19+esm6","7.47.0-1ubuntu2.19+esm7","7.47.0-1ubuntu2.19+esm8","7.47.0-1ubuntu2.19+esm9","7.47.0-1ubuntu2.19+esm10","7.47.0-1ubuntu2.19+esm11","7.47.0-1ubuntu2.19+esm12","7.47.0-1ubuntu2.19+esm13","7.47.0-1ubuntu2.19+esm15"],"ecosystem_specific":{"binaries":[{"binary_name":"curl","binary_version":"7.47.0-1ubuntu2.19+esm16"},{"binary_name":"libcurl3","binary_version":"7.47.0-1ubuntu2.19+esm16"},{"binary_name":"libcurl3-gnutls","binary_version":"7.47.0-1ubuntu2.19+esm16"},{"binary_version":"7.47.0-1ubuntu2.19+esm16","binary_name":"libcurl3-nss"}],"availability":"Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8487-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"id":"CVE-2026-8286","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2026-8924"},{"id":"CVE-2026-8927","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"curl","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/curl?arch=source&distro=esm-infra%2Fbionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.58.0-2ubuntu3.24+esm9"}]}],"versions":["7.55.1-1ubuntu2","7.55.1-1ubuntu2.1","7.57.0-1ubuntu1","7.58.0-2ubuntu1","7.58.0-2ubuntu2","7.58.0-2ubuntu3","7.58.0-2ubuntu3.1","7.58.0-2ubuntu3.2","7.58.0-2ubuntu3.3","7.58.0-2ubuntu3.5","7.58.0-2ubuntu3.6","7.58.0-2ubuntu3.7","7.58.0-2ubuntu3.8","7.58.0-2ubuntu3.9","7.58.0-2ubuntu3.10","7.58.0-2ubuntu3.12","7.58.0-2ubuntu3.13","7.58.0-2ubuntu3.14","7.58.0-2ubuntu3.15","7.58.0-2ubuntu3.16","7.58.0-2ubuntu3.17","7.58.0-2ubuntu3.18","7.58.0-2ubuntu3.19","7.58.0-2ubuntu3.20","7.58.0-2ubuntu3.21","7.58.0-2ubuntu3.22","7.58.0-2ubuntu3.23","7.58.0-2ubuntu3.24","7.58.0-2ubuntu3.24+esm1","7.58.0-2ubuntu3.24+esm2","7.58.0-2ubuntu3.24+esm3","7.58.0-2ubuntu3.24+esm4","7.58.0-2ubuntu3.24+esm5","7.58.0-2ubuntu3.24+esm7","7.58.0-2ubuntu3.24+esm8"],"ecosystem_specific":{"binaries":[{"binary_name":"curl","binary_version":"7.58.0-2ubuntu3.24+esm9"},{"binary_name":"libcurl3-gnutls","binary_version":"7.58.0-2ubuntu3.24+esm9"},{"binary_name":"libcurl3-nss","binary_version":"7.58.0-2ubuntu3.24+esm9"},{"binary_version":"7.58.0-2ubuntu3.24+esm9","binary_name":"libcurl4"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"id":"CVE-2026-8286","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2026-8458","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2026-8924"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-8927"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8487-1.json"}},{"package":{"name":"curl","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/curl?arch=source&distro=esm-infra%2Ffocal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.68.0-1ubuntu2.25+esm4"}]}],"versions":["7.65.3-1ubuntu3","7.65.3-1ubuntu4","7.66.0-1ubuntu1","7.67.0-2ubuntu1","7.68.0-1ubuntu1","7.68.0-1ubuntu2","7.68.0-1ubuntu2.1","7.68.0-1ubuntu2.2","7.68.0-1ubuntu2.4","7.68.0-1ubuntu2.5","7.68.0-1ubuntu2.6","7.68.0-1ubuntu2.7","7.68.0-1ubuntu2.10","7.68.0-1ubuntu2.11","7.68.0-1ubuntu2.12","7.68.0-1ubuntu2.13","7.68.0-1ubuntu2.14","7.68.0-1ubuntu2.15","7.68.0-1ubuntu2.16","7.68.0-1ubuntu2.18","7.68.0-1ubuntu2.19","7.68.0-1ubuntu2.20","7.68.0-1ubuntu2.21","7.68.0-1ubuntu2.22","7.68.0-1ubuntu2.23","7.68.0-1ubuntu2.24","7.68.0-1ubuntu2.25","7.68.0-1ubuntu2.25+esm2","7.68.0-1ubuntu2.25+esm3"],"ecosystem_specific":{"binaries":[{"binary_name":"curl","binary_version":"7.68.0-1ubuntu2.25+esm4"},{"binary_version":"7.68.0-1ubuntu2.25+esm4","binary_name":"libcurl3-gnutls"},{"binary_name":"libcurl3-nss","binary_version":"7.68.0-1ubuntu2.25+esm4"},{"binary_name":"libcurl4","binary_version":"7.68.0-1ubuntu2.25+esm4"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8487-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"id":"CVE-2026-8286","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"low"}]},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2026-8458"},{"id":"CVE-2026-8924","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"low"}]},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-8927"}]}}},{"package":{"name":"curl","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/curl?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.81.0-1ubuntu1.25"}]}],"versions":["7.74.0-1.3ubuntu2","7.74.0-1.3ubuntu3","7.80.0-3","7.81.0-1","7.81.0-1ubuntu1.1","7.81.0-1ubuntu1.2","7.81.0-1ubuntu1.3","7.81.0-1ubuntu1.4","7.81.0-1ubuntu1.6","7.81.0-1ubuntu1.7","7.81.0-1ubuntu1.8","7.81.0-1ubuntu1.10","7.81.0-1ubuntu1.11","7.81.0-1ubuntu1.13","7.81.0-1ubuntu1.14","7.81.0-1ubuntu1.15","7.81.0-1ubuntu1.16","7.81.0-1ubuntu1.17","7.81.0-1ubuntu1.18","7.81.0-1ubuntu1.19","7.81.0-1ubuntu1.20","7.81.0-1ubuntu1.21","7.81.0-1ubuntu1.22","7.81.0-1ubuntu1.23","7.81.0-1ubuntu1.24"],"ecosystem_specific":{"binaries":[{"binary_name":"curl","binary_version":"7.81.0-1ubuntu1.25"},{"binary_name":"libcurl3-gnutls","binary_version":"7.81.0-1ubuntu1.25"},{"binary_version":"7.81.0-1ubuntu1.25","binary_name":"libcurl3-nss"},{"binary_name":"libcurl4","binary_version":"7.81.0-1ubuntu1.25"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2026-8286"},{"id":"CVE-2026-8458","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2026-8924","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2026-8925","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-8927"},{"id":"CVE-2026-9547","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8487-1.json"}},{"package":{"name":"curl","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/curl?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.5.0-2ubuntu10.10"}]}],"versions":["8.2.1-1ubuntu3","8.2.1-1ubuntu3.1","8.4.0-2ubuntu1","8.5.0-2ubuntu1","8.5.0-2ubuntu2","8.5.0-2ubuntu8","8.5.0-2ubuntu9","8.5.0-2ubuntu10","8.5.0-2ubuntu10.1","8.5.0-2ubuntu10.2","8.5.0-2ubuntu10.3","8.5.0-2ubuntu10.4","8.5.0-2ubuntu10.5","8.5.0-2ubuntu10.6","8.5.0-2ubuntu10.7","8.5.0-2ubuntu10.8","8.5.0-2ubuntu10.9"],"ecosystem_specific":{"binaries":[{"binary_name":"curl","binary_version":"8.5.0-2ubuntu10.10"},{"binary_name":"libcurl3t64-gnutls","binary_version":"8.5.0-2ubuntu10.10"},{"binary_version":"8.5.0-2ubuntu10.10","binary_name":"libcurl4t64"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2026-8286"},{"id":"CVE-2026-8458","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2026-8924","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2026-8925","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-8927"},{"id":"CVE-2026-9547","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"low"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8487-1.json"}},{"package":{"name":"curl","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/curl?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.14.1-2ubuntu1.4"}]}],"versions":["8.12.1-3ubuntu1","8.13.0-5ubuntu1","8.14.1-1ubuntu2","8.14.1-1ubuntu3","8.14.1-2ubuntu1","8.14.1-2ubuntu1.1","8.14.1-2ubuntu1.2","8.14.1-2ubuntu1.3"],"ecosystem_specific":{"binaries":[{"binary_name":"curl","binary_version":"8.14.1-2ubuntu1.4"},{"binary_version":"8.14.1-2ubuntu1.4","binary_name":"libcurl3t64-gnutls"},{"binary_name":"libcurl4t64","binary_version":"8.14.1-2ubuntu1.4"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:25.10","cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2026-8286"},{"id":"CVE-2026-8458","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2026-8924","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2026-8925","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"score":"medium","type":"Ubuntu"}]},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2026-8926"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-8927"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-9079"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2026-9080"},{"id":"CVE-2026-9545","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"score":"low","type":"Ubuntu"}]},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2026-9547"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8487-1.json"}},{"package":{"name":"curl","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/curl?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.18.0-1ubuntu2.2"}]}],"versions":["8.14.1-2ubuntu1","8.17.0-1ubuntu1","8.18.0-1ubuntu1","8.18.0-1ubuntu2","8.18.0-1ubuntu2.1"],"ecosystem_specific":{"binaries":[{"binary_version":"8.18.0-1ubuntu2.2","binary_name":"curl"},{"binary_version":"8.18.0-1ubuntu2.2","binary_name":"libcurl3t64-gnutls"},{"binary_name":"libcurl4t64","binary_version":"8.18.0-1ubuntu2.2"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:26.04:LTS","cves":[{"id":"CVE-2026-8286","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2026-8458","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2026-8924","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2026-8925","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"score":"medium","type":"Ubuntu"}]},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2026-8926"},{"id":"CVE-2026-8927","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-9079","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"type":"Ubuntu","score":"medium"}]},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","type":"CVSS_V3"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2026-9080"},{"id":"CVE-2026-9545","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"low"}]},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2026-9547"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8487-1.json"}}],"schema_version":"1.7.5"}