CVE-2026-33752HIGHCVSS 8.6fixed in 0.15.0·v0.15.02026-04-06
CVE-2026-33752 [HIGH] CWE-918 CVE-2026-33752: curl_cffi is the a Python binding for curl. Prior to 0.15.0, curl_cffi does not restrict requests to
curl_cffi is the a Python binding for curl. Prior to 0.15.0, curl_cffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata endpoints. In addition, curl_cffi’s TLS impersonation feat
cvelistv5ghsanvd