← All stories
● Covered by 1 source Β· 1 reportMedium impact

Cloudflare Develops Privacy Protocol, curl Bug Discovered, Critical Hoppscotch Vulnerability

Aggregated by BrevFeed security Β· updated 4d ago
πŸ”– Save

Cloudflare, alongside major web browsers, introduced a protocol using Private Access Control Tokens to enhance web privacy. AISLE reported six vulnerabilities in curl, the oldest dating back to 2001, while a critical security flaw in Hoppscotch allows unauthenticated attackers to compromise API instances.

Key points

Cloudflare and Private Access Control Tokens

Cloudflare announced a collaboration with Google Chrome, Microsoft Edge, and Mozilla Firefox to introduce a new privacy-preserving protocol. This protocol, called Private Access Control Tokens (PACT), aims to differentiate between legitimate and undesirable web traffic, enhancing user privacy and reducing reliance on captchas. PACT allows websites to issue anonymous tokens that confirm human browser access without tracking users' history.

Vulnerabilities Discovered in curl

AISLE reported the discovery of six vulnerabilities in the curl library, including memory-lifetime issues and logic bugs. Notably, CVE-2026-8932, an older flaw, enables connection reuse despite invalid mTLS configurations. These vulnerabilities have existed since curl version 7.7, and a fix has been released in version 8.21.0.

Critical Security Flaw in Hoppscotch

A serious vulnerability (CVE-2026-50160) in self-hosted versions of the Hoppscotch API platform allows complete system takeovers. Discovered by Offgrid Security's AI agent, Kiro, the flaw enables unauthenticated attackers to inject sensitive keys into the database. This issue has a maximum CVSS score of 10.0, indicating its severity.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Reporting from

Cloudflare, alongside major web browsers, introduced a protocol using Private Access Control Tokens to enhance web privacy. AISLE reported six vulnerabilities in curl, the oldest dating back to 2001, while a critical security flaw in Hoppscotch allows unauthenticated attackers to compromise API instances.