• Category: Security
  • Status: confirmed
  • Sources: curl blog
  • Summary: The curl vulnerability-report pause announced on 2026-06-15 takes effect on 2026-07-01. The HackerOne form is paused and the security email is not processed from 2026-07-01 00:00 CEST through 2026-08-02, resuming 2026-08-03 09:00 CEST. Paid support contracts keep full security access; GitHub issues and pull requests continue normally.
  • Why it matters: For one month, no new curl vulnerability reports are triaged, which shifts disclosure timing for one of the most widely deployed pieces of software.
  • Follow-up: Watch for any public vulnerability disclosure during the pause window and report handling resuming 2026-08-03.

Send feedback on this story