[OE-core][scarthgap][PATCH 1/2][PATCH] curl: fix CVE-2026-3783

[OE-core][scarthgap][PATCH 1/2][PATCH] curl: fix CVE-2026-3783

[Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)]

From: Sudhir Dumbhare <sudumbha@cisco.com>

This patch applies the upstream fix [1] as referenced in [2]
which is mentioned in [3]:

[1] https://github.com/curl/curl/commit/e3d7401a32a46516c9e5ee877e613e62ed35bddc
[2] https://curl.se/docs/CVE-2026-3783.html
[3] https://nvd.nist.gov/vuln/detail/CVE-2026-3783

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
---
 .../curl/curl/CVE-2026-3783.patch             | 159 ++++++++++++++++++
 meta/recipes-support/curl/curl_8.7.1.bb       |   1 +
 2 files changed, 160 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2026-3783.patch b/meta/recipes-support/curl/curl/CVE-2026-3783.patch
new file mode 100644
index 0000000000..02c2d51eb6
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2026-3783.patch
@@ -0,0 +1,159 @@
+From 11c36846187d96ef72abc6aeb5784c002cb212fe Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 6 Mar 2026 23:13:07 +0100
+Subject: [PATCH] http: only send bearer if auth is allowed
+
+Verify with test 2006
+
+Closes #20843
+
+CVE: CVE-2026-3783
+Upstream-Status: Backport [https://github.com/curl/curl/commit/e3d7401a32a46516c9e5ee877e613e62ed35bddc]
+
+Backport Changes:
+- in tests/data/Makefile.inc: added test2006 to TESTCASES, adjusted for
+  this version.
+  The TESTCASES in tests/data/Makefile.am was introduced curl-8_10_0 by
+  this commit;
+  https://github.com/curl/curl/commit/f5b826532f2c564ef240df0ba2f3287d521df711
+
+(cherry picked from commit e3d7401a32a46516c9e5ee877e613e62ed35bddc)
+Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
+---
+ lib/http.c              |  1 +
+ tests/data/Makefile.inc |  2 +-
+ tests/data/test2006     | 98 +++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 100 insertions(+), 1 deletion(-)
+ create mode 100644 tests/data/test2006
+
+diff --git a/lib/http.c b/lib/http.c
+index a764d3c440..3ab6d21b0f 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -673,6 +673,7 @@ output_auth_headers(struct Curl_easy *data,
+   if(authstatus->picked == CURLAUTH_BEARER) {
+     /* Bearer */
+     if((!proxy && data->set.str[STRING_BEARER] &&
++       Curl_auth_allowed_to_host(data) &&
+         !Curl_checkheaders(data, STRCONST("Authorization")))) {
+       auth = "Bearer";
+       result = http_output_bearer(data);
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 4c2cd52999..9fb92742ee 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -230,7 +230,7 @@ test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 \
+ test1955 test1956 test1957 test1958 test1959 test1960 test1964 \
+ test1970 test1971 test1972 test1973 test1974 test1975 \
+ \
+-test2000 test2001 test2002 test2003 test2004 test2005 \
++test2000 test2001 test2002 test2003 test2004 test2005 test2006 \
+ \
+                                                                test2023 \
+ test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \
+diff --git a/tests/data/test2006 b/tests/data/test2006
+new file mode 100644
+index 0000000000..200d30a7ce
+--- /dev/null
++++ b/tests/data/test2006
+@@ -0,0 +1,98 @@
++<?xml version="1.0" encoding="US-ASCII"?>
++<testcase>
++<info>
++<keywords>
++netrc
++HTTP
++</keywords>
++</info>
++# Server-side
++<reply>
++<data crlf="headers">
++HTTP/1.1 301 Follow this you fool
++Date: Tue, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Location: http://b.com/%TESTNUMBER0002
++
++-foo-
++</data>
++
++<data2 crlf="headers">
++HTTP/1.1 200 OK
++Date: Tue, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 7
++Connection: close
++
++target
++</data2>
++
++<datacheck crlf="headers">
++HTTP/1.1 301 Follow this you fool
++Date: Tue, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Location: http://b.com/%TESTNUMBER0002
++
++HTTP/1.1 200 OK
++Date: Tue, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 7
++Connection: close
++
++target
++</datacheck>
++</reply>
++
++# Client-side
++<client>
++<server>
++http
++</server>
++<features>
++proxy
++</features>
++<name>
++.netrc default with redirect plus oauth2-bearer
++</name>
++<command>
++--netrc --netrc-file %LOGDIR/netrc%TESTNUMBER --oauth2-bearer SECRET_TOKEN -L -x http://%HOSTIP:%HTTPPORT/ http://a.com/
++</command>
++<file name="%LOGDIR/netrc%TESTNUMBER" >
++default login testuser password testpass
++</file>
++</client>
++
++<verify>
++<protocol crlf="headers">
++GET http://a.com/ HTTP/1.1
++Host: a.com
++Authorization: Bearer SECRET_TOKEN
++User-Agent: curl/%VERSION
++Accept: */*
++Proxy-Connection: Keep-Alive
++
++GET http://b.com/%TESTNUMBER0002 HTTP/1.1
++Host: b.com
++User-Agent: curl/%VERSION
++Accept: */*
++Proxy-Connection: Keep-Alive
++
++</protocol>
++</verify>
++</testcase>
+--
+2.44.1
diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb
index e2f6f8472f..07e532721f 100644
--- a/meta/recipes-support/curl/curl_8.7.1.bb
+++ b/meta/recipes-support/curl/curl_8.7.1.bb
@@ -34,6 +34,7 @@ SRC_URI = " \
     file://CVE-2025-15224.patch \
     file://CVE-2026-1965_p1.patch \
     file://CVE-2026-1965_p2.patch \
+    file://CVE-2026-3783.patch \
 "
 
 SRC_URI:append:class-nativesdk = " \
-- 
2.44.4

Re: [OE-core][scarthgap][PATCH 1/2][PATCH] curl: fix CVE-2026-3783

[Yoann Congal]

On Thu Mar 26, 2026 at 5:48 AM CET, Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org wrote:
> From: Sudhir Dumbhare <sudumbha@cisco.com>
>
> This patch applies the upstream fix [1] as referenced in [2]
> which is mentioned in [3]:
>
> [1] https://github.com/curl/curl/commit/e3d7401a32a46516c9e5ee877e613e62ed35bddc
> [2] https://curl.se/docs/CVE-2026-3783.html
> [3] https://nvd.nist.gov/vuln/detail/CVE-2026-3783
>
> Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
> ---

Hello,

Sending a patch with "[PATCH 1/2]" means this is a first patch of a
series of 2. I can't find the 2/2. Is it missing or the numbering of
your 3 recent curl patches was somehow buggy?

Regards,

>  .../curl/curl/CVE-2026-3783.patch             | 159 ++++++++++++++++++
>  meta/recipes-support/curl/curl_8.7.1.bb       |   1 +
>  2 files changed, 160 insertions(+)
>  create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783.patch
>
> diff --git a/meta/recipes-support/curl/curl/CVE-2026-3783.patch b/meta/recipes-support/curl/curl/CVE-2026-3783.patch
> new file mode 100644
> index 0000000000..02c2d51eb6
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2026-3783.patch
> @@ -0,0 +1,159 @@
> +From 11c36846187d96ef72abc6aeb5784c002cb212fe Mon Sep 17 00:00:00 2001
> +From: Daniel Stenberg <daniel@haxx.se>
> +Date: Fri, 6 Mar 2026 23:13:07 +0100
> +Subject: [PATCH] http: only send bearer if auth is allowed
> +
> +Verify with test 2006
> +
> +Closes #20843
> +
> +CVE: CVE-2026-3783
> +Upstream-Status: Backport [https://github.com/curl/curl/commit/e3d7401a32a46516c9e5ee877e613e62ed35bddc]
> +
> +Backport Changes:
> +- in tests/data/Makefile.inc: added test2006 to TESTCASES, adjusted for
> +  this version.
> +  The TESTCASES in tests/data/Makefile.am was introduced curl-8_10_0 by
> +  this commit;
> +  https://github.com/curl/curl/commit/f5b826532f2c564ef240df0ba2f3287d521df711
> +
> +(cherry picked from commit e3d7401a32a46516c9e5ee877e613e62ed35bddc)
> +Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
> +---
> + lib/http.c              |  1 +
> + tests/data/Makefile.inc |  2 +-
> + tests/data/test2006     | 98 +++++++++++++++++++++++++++++++++++++++++
> + 3 files changed, 100 insertions(+), 1 deletion(-)
> + create mode 100644 tests/data/test2006
> +
> +diff --git a/lib/http.c b/lib/http.c
> +index a764d3c440..3ab6d21b0f 100644
> +--- a/lib/http.c
> ++++ b/lib/http.c
> +@@ -673,6 +673,7 @@ output_auth_headers(struct Curl_easy *data,
> +   if(authstatus->picked == CURLAUTH_BEARER) {
> +     /* Bearer */
> +     if((!proxy && data->set.str[STRING_BEARER] &&
> ++       Curl_auth_allowed_to_host(data) &&
> +         !Curl_checkheaders(data, STRCONST("Authorization")))) {
> +       auth = "Bearer";
> +       result = http_output_bearer(data);
> +diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
> +index 4c2cd52999..9fb92742ee 100644
> +--- a/tests/data/Makefile.inc
> ++++ b/tests/data/Makefile.inc
> +@@ -230,7 +230,7 @@ test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 \
> + test1955 test1956 test1957 test1958 test1959 test1960 test1964 \
> + test1970 test1971 test1972 test1973 test1974 test1975 \
> + \
> +-test2000 test2001 test2002 test2003 test2004 test2005 \
> ++test2000 test2001 test2002 test2003 test2004 test2005 test2006 \
> + \
> +                                                                test2023 \
> + test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \
> +diff --git a/tests/data/test2006 b/tests/data/test2006
> +new file mode 100644
> +index 0000000000..200d30a7ce
> +--- /dev/null
> ++++ b/tests/data/test2006
> +@@ -0,0 +1,98 @@
> ++<?xml version="1.0" encoding="US-ASCII"?>
> ++<testcase>
> ++<info>
> ++<keywords>
> ++netrc
> ++HTTP
> ++</keywords>
> ++</info>
> ++# Server-side
> ++<reply>
> ++<data crlf="headers">
> ++HTTP/1.1 301 Follow this you fool
> ++Date: Tue, 09 Nov 2010 14:49:00 GMT
> ++Server: test-server/fake
> ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
> ++ETag: "21025-dc7-39462498"
> ++Accept-Ranges: bytes
> ++Content-Length: 6
> ++Connection: close
> ++Location: http://b.com/%TESTNUMBER0002
> ++
> ++-foo-
> ++</data>
> ++
> ++<data2 crlf="headers">
> ++HTTP/1.1 200 OK
> ++Date: Tue, 09 Nov 2010 14:49:00 GMT
> ++Server: test-server/fake
> ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
> ++ETag: "21025-dc7-39462498"
> ++Accept-Ranges: bytes
> ++Content-Length: 7
> ++Connection: close
> ++
> ++target
> ++</data2>
> ++
> ++<datacheck crlf="headers">
> ++HTTP/1.1 301 Follow this you fool
> ++Date: Tue, 09 Nov 2010 14:49:00 GMT
> ++Server: test-server/fake
> ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
> ++ETag: "21025-dc7-39462498"
> ++Accept-Ranges: bytes
> ++Content-Length: 6
> ++Connection: close
> ++Location: http://b.com/%TESTNUMBER0002
> ++
> ++HTTP/1.1 200 OK
> ++Date: Tue, 09 Nov 2010 14:49:00 GMT
> ++Server: test-server/fake
> ++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
> ++ETag: "21025-dc7-39462498"
> ++Accept-Ranges: bytes
> ++Content-Length: 7
> ++Connection: close
> ++
> ++target
> ++</datacheck>
> ++</reply>
> ++
> ++# Client-side
> ++<client>
> ++<server>
> ++http
> ++</server>
> ++<features>
> ++proxy
> ++</features>
> ++<name>
> ++.netrc default with redirect plus oauth2-bearer
> ++</name>
> ++<command>
> ++--netrc --netrc-file %LOGDIR/netrc%TESTNUMBER --oauth2-bearer SECRET_TOKEN -L -x http://%HOSTIP:%HTTPPORT/ http://a.com/
> ++</command>
> ++<file name="%LOGDIR/netrc%TESTNUMBER" >
> ++default login testuser password testpass
> ++</file>
> ++</client>
> ++
> ++<verify>
> ++<protocol crlf="headers">
> ++GET http://a.com/ HTTP/1.1
> ++Host: a.com
> ++Authorization: Bearer SECRET_TOKEN
> ++User-Agent: curl/%VERSION
> ++Accept: */*
> ++Proxy-Connection: Keep-Alive
> ++
> ++GET http://b.com/%TESTNUMBER0002 HTTP/1.1
> ++Host: b.com
> ++User-Agent: curl/%VERSION
> ++Accept: */*
> ++Proxy-Connection: Keep-Alive
> ++
> ++</protocol>
> ++</verify>
> ++</testcase>
> +--
> +2.44.1
> diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb
> index e2f6f8472f..07e532721f 100644
> --- a/meta/recipes-support/curl/curl_8.7.1.bb
> +++ b/meta/recipes-support/curl/curl_8.7.1.bb
> @@ -34,6 +34,7 @@ SRC_URI = " \
>      file://CVE-2025-15224.patch \
>      file://CVE-2026-1965_p1.patch \
>      file://CVE-2026-1965_p2.patch \
> +    file://CVE-2026-3783.patch \
>  "
>  
>  SRC_URI:append:class-nativesdk = " \


-- 
Yoann Congal
Smile ECS

Re: [scarthgap][PATCH 1/2][PATCH] curl: fix CVE-2026-3783

[Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)]

[-- Attachment #1: Type: text/plain, Size: 333 bytes --]

Hi,
thank you for highlighting patch numbering in subject line.
re-sending v2 of patch series with below subject line;

[OE-core][scarthgap][PATCH v2 1/3] curl: fix CVE-2026-1965
[OE-core][scarthgap][PATCH v2 2/3] curl: fix CVE-2026-3783
[OE-core][scarthgap][PATCH v2 3/3] curl: fix CVE-2026-3784

Thanks & Regards,
Sudhir

[-- Attachment #2: Type: text/html, Size: 403 bytes --]

[OE-core][scarthgap][PATCH v2 2/3] curl: fix CVE-2026-3783

[Sudhir Dumbhare -X (sudumbha - E INFOCHIPS PRIVATE LIMITED at Cisco)]

From: Sudhir Dumbhare <sudumbha@cisco.com>

This patch applies the upstream fix [1] as referenced in [2]
which is mentioned in [3]:

[1] https://github.com/curl/curl/commit/e3d7401a32a46516c9e5ee877e613e62ed35bddc
[2] https://curl.se/docs/CVE-2026-3783.html
[3] https://nvd.nist.gov/vuln/detail/CVE-2026-3783

Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
---
Changes from v1 -> v2:
- Updated with the correct patch series numbering

 .../curl/curl/CVE-2026-3783.patch             | 159 ++++++++++++++++++
 meta/recipes-support/curl/curl_8.7.1.bb       |   1 +
 2 files changed, 160 insertions(+)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2026-3783.patch

diff --git a/meta/recipes-support/curl/curl/CVE-2026-3783.patch b/meta/recipes-support/curl/curl/CVE-2026-3783.patch
new file mode 100644
index 0000000000..02c2d51eb6
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2026-3783.patch
@@ -0,0 +1,159 @@
+From 11c36846187d96ef72abc6aeb5784c002cb212fe Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Fri, 6 Mar 2026 23:13:07 +0100
+Subject: [PATCH] http: only send bearer if auth is allowed
+
+Verify with test 2006
+
+Closes #20843
+
+CVE: CVE-2026-3783
+Upstream-Status: Backport [https://github.com/curl/curl/commit/e3d7401a32a46516c9e5ee877e613e62ed35bddc]
+
+Backport Changes:
+- in tests/data/Makefile.inc: added test2006 to TESTCASES, adjusted for
+  this version.
+  The TESTCASES in tests/data/Makefile.am was introduced curl-8_10_0 by
+  this commit;
+  https://github.com/curl/curl/commit/f5b826532f2c564ef240df0ba2f3287d521df711
+
+(cherry picked from commit e3d7401a32a46516c9e5ee877e613e62ed35bddc)
+Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com>
+---
+ lib/http.c              |  1 +
+ tests/data/Makefile.inc |  2 +-
+ tests/data/test2006     | 98 +++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 100 insertions(+), 1 deletion(-)
+ create mode 100644 tests/data/test2006
+
+diff --git a/lib/http.c b/lib/http.c
+index a764d3c440..3ab6d21b0f 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -673,6 +673,7 @@ output_auth_headers(struct Curl_easy *data,
+   if(authstatus->picked == CURLAUTH_BEARER) {
+     /* Bearer */
+     if((!proxy && data->set.str[STRING_BEARER] &&
++       Curl_auth_allowed_to_host(data) &&
+         !Curl_checkheaders(data, STRCONST("Authorization")))) {
+       auth = "Bearer";
+       result = http_output_bearer(data);
+diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
+index 4c2cd52999..9fb92742ee 100644
+--- a/tests/data/Makefile.inc
++++ b/tests/data/Makefile.inc
+@@ -230,7 +230,7 @@ test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 \
+ test1955 test1956 test1957 test1958 test1959 test1960 test1964 \
+ test1970 test1971 test1972 test1973 test1974 test1975 \
+ \
+-test2000 test2001 test2002 test2003 test2004 test2005 \
++test2000 test2001 test2002 test2003 test2004 test2005 test2006 \
+ \
+                                                                test2023 \
+ test2024 test2025 test2026 test2027 test2028 test2029 test2030 test2031 \
+diff --git a/tests/data/test2006 b/tests/data/test2006
+new file mode 100644
+index 0000000000..200d30a7ce
+--- /dev/null
++++ b/tests/data/test2006
+@@ -0,0 +1,98 @@
++<?xml version="1.0" encoding="US-ASCII"?>
++<testcase>
++<info>
++<keywords>
++netrc
++HTTP
++</keywords>
++</info>
++# Server-side
++<reply>
++<data crlf="headers">
++HTTP/1.1 301 Follow this you fool
++Date: Tue, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Location: http://b.com/%TESTNUMBER0002
++
++-foo-
++</data>
++
++<data2 crlf="headers">
++HTTP/1.1 200 OK
++Date: Tue, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 7
++Connection: close
++
++target
++</data2>
++
++<datacheck crlf="headers">
++HTTP/1.1 301 Follow this you fool
++Date: Tue, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 6
++Connection: close
++Location: http://b.com/%TESTNUMBER0002
++
++HTTP/1.1 200 OK
++Date: Tue, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT
++ETag: "21025-dc7-39462498"
++Accept-Ranges: bytes
++Content-Length: 7
++Connection: close
++
++target
++</datacheck>
++</reply>
++
++# Client-side
++<client>
++<server>
++http
++</server>
++<features>
++proxy
++</features>
++<name>
++.netrc default with redirect plus oauth2-bearer
++</name>
++<command>
++--netrc --netrc-file %LOGDIR/netrc%TESTNUMBER --oauth2-bearer SECRET_TOKEN -L -x http://%HOSTIP:%HTTPPORT/ http://a.com/
++</command>
++<file name="%LOGDIR/netrc%TESTNUMBER" >
++default login testuser password testpass
++</file>
++</client>
++
++<verify>
++<protocol crlf="headers">
++GET http://a.com/ HTTP/1.1
++Host: a.com
++Authorization: Bearer SECRET_TOKEN
++User-Agent: curl/%VERSION
++Accept: */*
++Proxy-Connection: Keep-Alive
++
++GET http://b.com/%TESTNUMBER0002 HTTP/1.1
++Host: b.com
++User-Agent: curl/%VERSION
++Accept: */*
++Proxy-Connection: Keep-Alive
++
++</protocol>
++</verify>
++</testcase>
+--
+2.44.1
diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb
index e2f6f8472f..07e532721f 100644
--- a/meta/recipes-support/curl/curl_8.7.1.bb
+++ b/meta/recipes-support/curl/curl_8.7.1.bb
@@ -34,6 +34,7 @@ SRC_URI = " \
     file://CVE-2025-15224.patch \
     file://CVE-2026-1965_p1.patch \
     file://CVE-2026-1965_p2.patch \
+    file://CVE-2026-3783.patch \
 "
 
 SRC_URI:append:class-nativesdk = " \
-- 
2.44.4