SlowMist Chief Information Security Officer 23pds said curl has fixed 18 security vulnerabilities involving authentication bypass, memory safety, and host verification issues. According to Odaily, 23pds wrote on X that one of the libcurl vulnerabilities had existed for about 25 years.

23pds said the risk affects a wide range of applications, SDKs, containers, firmware, gateways, and CI/CD environments that rely heavily on libcurl. The post recommended upgrading curl/libcurl as soon as possible and checking whether older versions of libcurl are in use, with particular attention to mTLS, proxy authentication, and connection reuse scenarios.