You would like to know if Symantec Endpoint Protection (SEP) Windows and Linux client is affected by below CVEs listed on https://curl.se/docs/security.html

CVE-2026-7168
CVE-2026-6429
CVE-2026-6276
CVE-2026-6253
CVE-2026-5773
CVE-2026-5545
CVE-2026-4873

SEP 14.3x

SAL 14.3 RU1 and later

For Windows agent: SEP does not invoke any of the vulnerable code paths for the listed CVEs. Therefore, the SEP Windows client is not impacted.

For the Linux agent:
CVE-2026-7168: No impact. The digest proxy auth mechanism is not used.
CVE-2026-6429: No impact - SEP Linux does not use .netrc.
CVE-2026-6276: No impact. Although the easy_handle() API is used for stic, rrs lookup, and LU communications, SEP Linux does not reuse the same function call across multiple HTTP requests. Additionally, TLS server certificate SNI serves as a mitigation to prevent incorrect host header transfers.
CVE-2026-6253: Not a product issue. This describes how customers should not configure their http(s) proxies with redirects when setting up multiple layers of proxy servers between SEP and backend servers.
CVE-2026-5773: No impact. SEP Linux does not use SMB protocol
CVE-2026-5545: No impact. SEP Linux only uses Basic HTTP authentication and does not negotiate multiple authentication methods.
CVE-2026-4873: No impact. SEP Linux does not use TLS over IMAP4, POP3, or SMTP protocols.