CNNVD-202601-1549 Information

CNNVD ID

CNNVD-202601-1549

Related CVE

CVE-2025-13034

• CNNVD Published: 2026-01-08

Description (Chinese)

curl是cURL开源的一款用于从服务器传输数据或向服务器传输数据的工具。 curl存在安全漏洞，该漏洞源于CURLOPT_PINNEDPUBLICKEY选项在特定条件下跳过公钥检查，可能导致连接伪造。

Description (English)

Curl is a tool for the transfer of data from or to the server of the curL open source. Curl has a security loophole, which stems from the fact that the CURLOPT PINNEDPUBICKEY option skips a public key check under certain conditions, which may result in a link being forged.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

cURL

Published

2026-01-08

Last Modified

2026-02-24

References

https://curl.se/docs/CVE-2025-13034.json https://curl.se/docs/CVE-2025-13034.html https://access.redhat.com/security/cve/cve-2025-13034

Patch

https://github.com/curl/curl/releases