Lucene search
+L

445 matches found

EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43645

In Eclipse Jetty, a first HTTP/1.1 request with trailers causes the server to retain the trailers in subsequent requests performed over the same connection. Subsequent request that do not have trailers report the trailers of the first request. Subsequent request that do have trailers report the...

7.5CVSS6.1AI score0.00253EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/07/10 3:20 a.m.6 views

SUSE CVE-2026-8286

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

7.4CVSS6.1AI score0.0052EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2026/07/10 3:20 a.m.8 views

SUSE CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

4.2CVSS6.1AI score0.00543EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/07/06 9:37 p.m.6 views

CVE-2026-8286

A flaw was found in curl. When a new data transfer attempts to upgrade its connection using STARTTLS, it may incorrectly reuse an existing live connection. This reuse can occur even if the Transport Layer Security TLS configuration of the new transfer does not match the existing connection,...

8.1CVSS5.8AI score0.0052EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/07/06 8:28 p.m.7 views

CVE-2026-8932

A flaw was found in curl. The libcurl library, used for transferring data with URLs, could improperly reuse existing network connections. This occurred even when changes to mutual Transport Layer Security mTLS settings, particularly those for client certificates, should have prevented such reuse...

7.5CVSS6AI score0.00368EPSS
Exploits1References6
Microsoft CVE
Microsoft CVE
added 2026/07/04 8:4 a.m.4 views

incomplete mTLS config matching in conn reuse

...

7.5CVSS6.2AI score0.00368EPSS
Exploits1
Snyk
Snyk
added 2026/07/03 8:18 a.m.7 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the connection reuse process. An attacker can gain unauthorized access to resources or services by exploiting the reuse of an authenticated connection intended for a different service. Remediation Upgrade libcur...

6.9CVSS6AI score0.00543EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/03 8:18 a.m.5 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness due to incomplete matching of mTLS configuration options during connection reuse in the connection process. An attacker can cause connections to be reused with incorrect client certificate...

9.3CVSS6.1AI score0.00368EPSS
Exploits1References2
NVD
NVD
added 2026/07/03 7:16 a.m.7 views

CVE-2026-8932

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS0.00368EPSS
Exploits1References3
OSV
OSV
added 2026/07/03 7:16 a.m.3 views

ALPINE-CVE-2026-8932

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS6.2AI score0.00368EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 7:16 a.m.14 views

CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS0.00543EPSS
Exploits1References3
OSV
OSV
added 2026/07/03 7:16 a.m.6 views

ALPINE-CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS6AI score0.00543EPSS
Exploits1References1
OSV
OSV
added 2026/07/03 7:16 a.m.5 views

ALPINE-CVE-2026-8286

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...

8.1CVSS5.9AI score0.0052EPSS
Exploits1References1
OSV
OSV
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-11564

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS6AI score0.0061EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/07/03 6:16 a.m.82 views

CVE-2026-8932 incomplete mTLS config matching in conn reuse

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

0.00368EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/03 6:16 a.m.9 views

EUVD-2026-41509

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

6.2AI score0.00368EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:16 a.m.25 views

CVE-2026-8932

CVE-2026-8932 : The vulnerability describes incomplete mTLS config matching in libcurl’s connection reuse logic. A previously used TLS client-certificate-related setting (notably the private key) was omitted from the configuration match checks, causing connections in the pool to be reused even wh...

7.5CVSS6.2AI score0.00368EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/07/03 6:16 a.m.2 views

CVE-2026-8932 incomplete mTLS config matching in conn reuse

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, some TLS...

7.5CVSS6.2AI score0.00368EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2026/07/03 6:14 a.m.7 views

CVE-2026-8458

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS6AI score0.00543EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/03 6:14 a.m.9 views

EUVD-2026-41504

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different 'services'. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6AI score0.00543EPSS
Exploits1References3
Rows per page
Query Builder