Lucene search
K

431 matches found

RedhatCVE
RedhatCVE
added 3 days ago4 views

CVE-2026-8286

A flaw was found in curl. When a new data transfer attempts to upgrade its connection using STARTTLS, it may incorrectly reuse an existing live connection. This reuse can occur even if the Transport Layer Security TLS configuration of the new transfer does not match the existing connection,...

8.1CVSS5.8AI score0.00413EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 3 days ago5 views

CVE-2026-8932

A flaw was found in curl. The libcurl library, used for transferring data with URLs, could improperly reuse existing network connections. This occurred even when changes to mutual Transport Layer Security mTLS settings, particularly those for client certificates, should have prevented such reuse...

7.5CVSS6AI score0.00281EPSS
Exploits1References6
Snyk
Snyk
added 6 days ago4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the connection reuse process. An attacker can gain unauthorized access to resources or services by exploiting the reuse of an authenticated connection intended for a different service. Remediation Upgrade libcur...

6.9CVSS6AI score0.00421EPSS
Exploits1References2
Snyk
Snyk
added 6 days ago4 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness due to incomplete matching of mTLS configuration options during connection reuse in the connection process. An attacker can cause connections to be reused with incorrect client certificate...

9.3CVSS6.1AI score0.00281EPSS
Exploits1References2
OSV
OSV
added 6 days ago3 views

ALPINE-CVE-2026-8932

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS6.2AI score0.00281EPSS
Exploits1References1
NVD
NVD
added 6 days ago6 views

CVE-2026-8932

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS0.00281EPSS
Exploits1References3
OSV
OSV
added 6 days ago2 views

ALPINE-CVE-2026-8286

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

8.1CVSS5.9AI score0.00413EPSS
Exploits1References1
OSV
OSV
added 6 days ago5 views

ALPINE-CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS6AI score0.00421EPSS
Exploits1References1
NVD
NVD
added 6 days ago10 views

CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS0.00421EPSS
Exploits1References3
OSV
OSV
added 6 days ago4 views

ALPINE-CVE-2026-11564

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS6AI score0.00479EPSS
Exploits1References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41509

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

6.2AI score0.00281EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago50 views

CVE-2026-8932 incomplete mTLS config matching in conn reuse

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

0.00281EPSS
Exploits1References3
CVE
CVE
added 6 days ago16 views

CVE-2026-8932

CVE-2026-8932 : The vulnerability describes incomplete mTLS config matching in libcurl’s connection reuse logic. A previously used TLS client-certificate-related setting (notably the private key) was omitted from the configuration match checks, causing connections in the pool to be reused even wh...

7.5CVSS6.2AI score0.00281EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41504

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6AI score0.00421EPSS
Exploits1References3
CVE
CVE
added 6 days ago15 views

CVE-2026-8458

CVE-2026-8458 affects libcurl where, under Negotiate-authenticated requests, a logical error can cause a reused connection to be authenticated for a different service. This could allow a request to be served using credentials for another service, impacting integrity (high) and potentially exposin...

6.5CVSS6AI score0.00421EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 6 days ago5 views

CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS6AI score0.00421EPSS
Exploits1References3
CVE
CVE
added 6 days ago24 views

CVE-2026-8286

CVE-2026-8286 affects the curl project where a new transfer using STARTTLS to upgrade a connection can reuse an existing live connection despite a TLS configuration mismatch. Concrete details across connected docs show curl versions affected (pre-8.21.0 for 7.30.0 specifically) and indicate the r...

8.1CVSS5.9AI score0.00413EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 6 days ago41 views

CVE-2026-8286 wrong STARTTLS connection reuse

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

0.00413EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 6 days ago5 views

CVE-2026-8286

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

8.1CVSS5.9AI score0.00413EPSS
Exploits1References3
OSV
OSV
added 2026/06/30 10:27 a.m.4 views

SUSE-SU-2026:2703-1 Security update for curl

This update for curl fixes the following issues - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-5773: wrong reuse of SMB connection bsc1262633. - CVE-2026-6253: proxy credentials leak over...

7.5CVSS7.1AI score0.00639EPSS
Exploits6References13
Rows per page
Query Builder