OESA-2026-1194

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1194
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-1194.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2026-1194
Upstream
Published
2026-01-23T12:22:51Z
Modified
2026-01-23T12:45:01.144200Z
Summary
curl security update
Details

cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols.

Security Fix(es):

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. (CVE-2025-14524)

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file. (CVE-2025-15079)

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent. (CVE-2025-15224)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:22.03-LTS-SP4 / curl

Package

Name
curl
Purl
pkg:rpm/openEuler/curl&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
7.79.1-46.oe2203sp4

Ecosystem specific

{
    "src": [
        "curl-7.79.1-46.oe2203sp4.src.rpm"
    ],
    "x86_64": [
        "curl-7.79.1-46.oe2203sp4.x86_64.rpm",
        "curl-debuginfo-7.79.1-46.oe2203sp4.x86_64.rpm",
        "curl-debugsource-7.79.1-46.oe2203sp4.x86_64.rpm",
        "libcurl-7.79.1-46.oe2203sp4.x86_64.rpm",
        "libcurl-devel-7.79.1-46.oe2203sp4.x86_64.rpm"
    ],
    "aarch64": [
        "curl-7.79.1-46.oe2203sp4.aarch64.rpm",
        "curl-debuginfo-7.79.1-46.oe2203sp4.aarch64.rpm",
        "curl-debugsource-7.79.1-46.oe2203sp4.aarch64.rpm",
        "libcurl-7.79.1-46.oe2203sp4.aarch64.rpm",
        "libcurl-devel-7.79.1-46.oe2203sp4.aarch64.rpm"
    ],
    "noarch": [
        "curl-help-7.79.1-46.oe2203sp4.noarch.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-1194.json"