Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-72pz-4qf7-xfdb
Vulnerability ID VCID-72pz-4qf7-xfdb
Aliases CVE-2016-4802
Summary Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-94 Improper Control of Generation of Code ('Code Injection')
System Score Found at
epss 0.00612 https://api.first.org/data/v1/epss?cve=CVE-2016-4802
cvssv3.1 High https://curl.se/docs/CVE-2016-4802.html
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2016-4802
https://curl.se/docs/CVE-2016-4802.html
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.70137
EPSS Score 0.00612
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T16:52:10.593799+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0