SB2026010783 - SUSE update for curl
Published: January 7, 2026
Description
This security bulletin contains information about 4 security vulnerabilities.
1) Insufficiently protected credentials (CVE-ID: CVE-2025-14524)
The vulnerability allows an attacker to obtain a bearer token.
The vulnerability exists due to an error when handling cross-protocol redirects. When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer follows a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass the bearer token on to the new target host.
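The defensive rule behind this item is that a bearer token must never follow a redirect onto a non-HTTP scheme. The following is an added example written for this bulletin, not curl's or SUSE's code: a small redirect policy that forwards the `Authorization` header only when the target is HTTP(S) on the same host with no TLS downgrade. The three rules in `may_forward_bearer` are assumptions chosen for the example, not a description of libcurl's internal logic.

```python
"""Added example (not curl's own code): a redirect policy that decides whether
an OAuth2 bearer token may be sent to a redirect target, modelled on the
behaviour described for CVE-2025-14524 (token leaking to IMAP/LDAP/POP3/SMTP)."""
from urllib.parse import urlsplit

# Schemes on which a bearer token is meaningful; anything else (imap, ldap,
# pop3, smtp, ...) must never receive it.
HTTP_SCHEMES = {"http", "https"}


def may_forward_bearer(original_url: str, redirect_url: str) -> bool:
    """Return True only if the bearer token may accompany the redirected request.

    Rules (assumptions for this example):
      1. The redirect target must itself use http or https.
      2. The target host must equal the original host (no cross-host leak).
      3. Never downgrade from https to plain http.
    """
    src = urlsplit(original_url)
    dst = urlsplit(redirect_url)
    if dst.scheme.lower() not in HTTP_SCHEMES:
        return False
    if (dst.hostname or "").lower() != (src.hostname or "").lower():
        return False
    if src.scheme.lower() == "https" and dst.scheme.lower() != "https":
        return False
    return True


def headers_for_redirect(original_url: str, redirect_url: str, headers: dict) -> dict:
    """Build the header set for the redirected request.

    Every header is copied except Authorization, which is re-added only when
    may_forward_bearer() approves the target.
    """
    out = {k: v for k, v in headers.items() if k.lower() != "authorization"}
    if may_forward_bearer(original_url, redirect_url):
        for k, v in headers.items():
            if k.lower() == "authorization":
                out[k] = v
    return out


if __name__ == "__main__":
    # Constructed sample: an API call that is redirected to a mail server.
    hdrs = {"Authorization": "Bearer example-token", "Accept": "application/json"}
    print(headers_for_redirect("https://api.example.com/v1/me",
                               "imap://mail.example.net/INBOX", hdrs))
    print(headers_for_redirect("https://api.example.com/v1/me",
                               "https://api.example.com/v2/me", hdrs))
```

The same policy is what a caller of libcurl gets by restricting the redirect protocol set to `http,https` (the `CURLOPT_REDIR_PROTOCOLS_STR` option, or `--proto-redir =https` on the command line); the Python version just makes the decision explicit so it can be tested.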
2) Improper Certificate Validation (CVE-ID: CVE-2025-14819)
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to the way libcurl handles TLS transfers when using the CURLSSLOPT_NO_PARTIALCHAIN option. A remote attacker can trick the library into re-using a CA store cached in memory for which the partial chain option was reversed, leading to store policy bypass and a potential MitM attack.
3) Improper validation of certificate with host mismatch (CVE-ID: CVE-2025-15079)
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists during SSH-based transfers because the library mistakenly accepts connections to hosts that are not present in the specified known-hosts file if they are listed as known in the libssh global knownhosts file. A remote attacker can perform a MitM attack.
Note: this vulnerability affects libcurl builds that use the libssh backend rather than libssh2.
4) Improper authentication (CVE-ID: CVE-2025-15224)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an error when performing SSH-based transfers over SCP or SFTP with public key authentication requested. In that case curl would still wrongly query a locally running SSH agent and authenticate with it.
Note: this vulnerability affects libcurl builds that use the libssh backend rather than libssh2.
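Items 3 and 4 both apply only to builds whose SSH backend is libssh, so the first thing to establish on a host is which backend its curl was linked against. The following is an added example, not part of the SUSE bulletin: it reads the first line of `curl --version` (where curl lists its component libraries as `name/version` tokens) and reports whether the build is in scope for the two libssh-only items. The two sample version lines are constructed for the example, not captured from a real system.

```python
"""Added example (not part of the SUSE bulletin): classify a curl build by its
SSH backend from `curl --version` output, since the bulletin states that
CVE-2025-15079 and CVE-2025-15224 affect libssh-based builds, not libssh2."""
import subprocess

# Constructed samples of a `curl --version` first line (not real system output).
SAMPLE_LIBSSH = (
    "curl 8.5.0 (x86_64-suse-linux-gnu) libcurl/8.5.0 OpenSSL/3.1.4 zlib/1.3 "
    "libssh/0.10.6/openssl/zlib nghttp2/1.58.0\n"
    "Release-Date: 2023-12-06\n"
)
SAMPLE_LIBSSH2 = (
    "curl 8.5.0 (x86_64-pc-linux-gnu) libcurl/8.5.0 OpenSSL/3.1.4 libssh2/1.11.0\n"
)


def ssh_backend(version_output: str):
    """Return 'libssh', 'libssh2' or None from the first line of `curl --version`.

    Each component appears as name/version[/extra...]; splitting on the first
    '/' isolates the name, so 'libssh/0.10.6/openssl/zlib' and 'libssh2/1.11.0'
    cannot be confused with each other.
    """
    first = version_output.splitlines()[0] if version_output.strip() else ""
    for token in first.split():
        name = token.split("/", 1)[0]
        if name == "libssh2":
            return "libssh2"
        if name == "libssh":
            return "libssh"
    return None  # no SSH backend compiled in (SCP/SFTP unsupported)


def affected_by_ssh_items(version_output: str) -> bool:
    """True when the build uses libssh, the backend the bulletin flags for items 3 and 4."""
    return ssh_backend(version_output) == "libssh"


def local_curl_version() -> str:
    """Return the installed curl's --version text, or '' if curl is not on PATH."""
    try:
        proc = subprocess.run(["curl", "--version"], capture_output=True,
                              text=True, check=False)
        return proc.stdout
    except FileNotFoundError:
        return ""


if __name__ == "__main__":
    out = local_curl_version() or SAMPLE_LIBSSH  # fall back to the constructed sample
    print("SSH backend:", ssh_backend(out))
    print("in scope for the libssh-only items:", affected_by_ssh_items(out))
```

Backend detection only says whether a host is in scope; whether it is still vulnerable depends on the installed package version, which should be compared against the fixed version named in the vendor's update.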
Remediation
Install the update from the vendor's website.