Lucene search
K

431 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in curl

A authentication bypass vulnerability exists in libcurl version 8.0.0, particularly in the connection reuse feature. This vulnerability allows for the reuse of previously established connections with incorrect user permissions, due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION...

5.9CVSS6.9AI score0.01566EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in curl

libcurl will reuse a previously established connection even when options related to TLS or SSH have been changed, which should prevent such reuses. libcurl stores previously used connections in a connection pool, allowing for reuse if one of them matches the current setup. However, several TLS an...

7.5CVSS6.6AI score0.02596EPSS
Exploits1References2
OSV
OSV
added 2026/05/18 10:0 a.m.8 views

CLSA-2026-1779098432 Fix CVE(s): CVE-2026-5773

SECURITY UPDATE: wrong SMB connection reused due to missing share comparison - debian/patches/CVE-2026-5773.patch: disable connection reuse for SMBS by replacing connkeep with connclose in smbconnect lib/smb.c - CVE-2026-5773...

7.5CVSS5.8AI score0.00549EPSS
Exploits1References1
OSV
OSV
added 2026/05/18 7:44 a.m.7 views

SUSE-SU-2026:1940-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2026-4873: connection reuse ignores TLS requirement bsc1262631. - CVE-2026-5545: wrong reuse of HTTP Negotiate connection bsc1262632. - CVE-2026-6253: proxy credentials leak over redirect-to proxy bsc1262635. -...

7.5CVSS5.8AI score0.00639EPSS
Exploits5References13
Hacker One
Hacker One
added 2026/05/16 9:24 p.m.120 views

curl: Connection reuse ignores haproxyprotocol and HAPROXY_CLIENT_IP settings, allowing PROXY context to persist across transfers

Summary: libcurl's connection pool match logic does not include the CURLOPTHAPROXYPROTOCOL setting or the CURLOPTHAPROXYCLIENTIP value in its connection match key. Two transfers issued through the same Curleasy or via a shared connection cache CURLLOCKDATACONNECT therefore share one TCP connectio...

7.5CVSS7AI score0.00715EPSS
Exploits9
Microsoft CVE
Microsoft CVE
added 2026/05/14 8:2 a.m.10 views

wrong reuse of HTTP Negotiate connection

...

6.5CVSS5.3AI score0.00414EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2026/05/14 8:2 a.m.11 views

connection reuse ignores TLS requirement

...

5.9CVSS5.8AI score0.00329EPSS
Exploits1
Hacker One
Hacker One
added 2026/05/13 9:34 p.m.7 views

curl: CVE-2026-8932: incomplete mTLS config matching in conn reuse

Hi all, This report and my multiple subsequent ones may come as a surprise, as I was assured that curl now had zero vulnerabilities in it. Nonetheless, I think the CVE-2022-27782 fix "TLS and SSH connection too eager reuse", commit f18af4f874 2022-05-09, "tls: check more TLS details for connectio...

7.5CVSS6.6AI score0.02596EPSS
Exploits2
EUVD
EUVD
added 2026/05/13 6:30 p.m.12 views

EUVD-2026-29923

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...

6.5CVSS5.8AI score0.00414EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/13 6:30 p.m.10 views

EUVD-2026-29924

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

7.5CVSS5.8AI score0.00549EPSS
Exploits1References5
NVD
NVD
added 2026/05/13 1:1 p.m.10 views

CVE-2026-5773

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

7.5CVSS0.00549EPSS
Exploits1References4
OSV
OSV
added 2026/05/13 1:1 p.m.8 views

ALPINE-CVE-2026-5545

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...

6.5CVSS5.4AI score0.00414EPSS
Exploits1References1
NVD
NVD
added 2026/05/13 1:1 p.m.11 views

CVE-2026-5545

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...

6.5CVSS0.00414EPSS
Exploits1References3
OSV
OSV
added 2026/05/13 1:1 p.m.10 views

ALPINE-CVE-2026-5773

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

7.5CVSS5.4AI score0.00549EPSS
Exploits1References1
NVD
NVD
added 2026/05/13 1:1 p.m.10 views

CVE-2026-4873

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text via IMAP, SMTP, or POP3, a subsequent request to that same host bypasses the TLS requirement and instead transm...

5.9CVSS0.00329EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:27 a.m.8 views

CVE-2026-5773

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

5.8AI score0.00549EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/13 8:27 a.m.41 views

CVE-2026-5773

CVE-2026-5773 affects libcurl and involves a logical error in the SMB connection reuse pool. The code could reuse an existing SMB connection to the same server but with a different share, potentially causing the wrong file to be downloaded or a file to be uploaded to the wrong location, while cre...

7.5CVSS5.8AI score0.00549EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 8:27 a.m.10 views

CVE-2026-5773 wrong reuse of SMB connection

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

5.8AI score0.00549EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/05/13 8:27 a.m.6 views

CVE-2026-5773

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

7.5CVSS5.8AI score0.00549EPSS
Exploits1
CVE
CVE
added 2026/05/13 8:27 a.m.48 views

CVE-2026-5545

CVE-2026-5545 affects libcurl: a logical error in connection reuse can cause a request to a server usingNegotiate authentication with user1:password1 to be mistakenly sent over a connection still authenticated for user1 when a second operation tries to authenticate as user2:password2 on the same ...

6.5CVSS5.8AI score0.00414EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder