SB2026031238 - Ubuntu update for curl

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Authentication Bypass by Primary Weakness (CVE-ID: CVE-2026-1965)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to improper reuse of HTTP Negotiate connection. A remote attacker can bypass authentication and gain access to the target system.

2) Insufficiently protected credentials (CVE-ID: CVE-2026-3783)

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to insufficiently protected credentials When the OAuth2 bearer token is used for an HTTP(S) transfer. A remote attacker can gain access to sensitive information on the system.

3) Authentication Bypass by Primary Weakness (CVE-ID: CVE-2026-3784)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to wrong proxy connection reuse with credentials. A remote attacker can bypass authentication and gain access to the target system.

4) Use-after-free (CVE-ID: CVE-2026-3805)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when doing a second SMB request to the same host again. A remote attacker can gain access to sensitive information on the system.

5) Information disclosure (CVE-ID: CVE-2025-0167)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to application can leak credentials when asked to use a .netrc file for credentials and to follow HTTP redirects. A remote attacker can gain access to sensitive information.

Remediation

Install update from vendor's website.

References

• https://ubuntu.com/security/notices/USN-8084-1