CVE-2026-5545

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...

Linux Distros Unpatched Vulnerability : CVE-2026-43001

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential...

CLSA-2026-1774259901 curl: Fix of 3 CVEs

CVE-2026-1965: fix incorrect connection reuse; prevent reuse of Negotiate- authenticated connections with different credentials and require authentication identity match - CVE-2026-3784: fix wrong proxy connection reuse with different credentials; check proxy user/password in proxyinfomatches to...

CLSA-2026-1774259220 curl: Fix of 3 CVEs

CVE-2026-1965: fix incorrect connection reuse; prevent reuse of Negotiate- authenticated connections with different credentials and require authentication identity match - CVE-2026-3784: fix wrong proxy connection reuse with different credentials; check proxy user/password in proxyinfomatches to...

SUSE CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

ALPINE-CVE-2026-3784

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection...

CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

CURL-CVE-2026-1965 bad reuse of HTTP Negotiate connection

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

curl 安全漏洞

curl is an open-source tool developed by cURL for transferring data from or to a server. Curl has a security vulnerability that stems from a logical error leading to improper reuse of connections. This allows requests using different credentials to mistakenly reuse the same connection...

ROS-2-1174

2.1174 Vulnerability in Git CVE-2020-11008, CVE-2020-5260 1. Vulnerability Description: Vulnerability in Git. The vulnerability affects the "credential.helper" handlers and is exploited when a specially crafted URL containing a newline character, an empty host, or an unspecified request scheme is...

CLSA-2022-1655317708 Fix CVE(s): CVE-2022-22576

SECURITY UPDATE: Reusing OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials - debian/patches/CVE-2022-22576.patch: Check additional SASL parameters for connection reuse - CVE-2022-22576...

OESA-2022-1659 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: This security flaw in curl allows to reuse an OAUTH2 authenticated connection without properly ensuring that the connection is authenticated wi...

Reusing authenticated connection when unauthenticated

libcurl keeps a pool of its last few connections around after use to facilitate easy, convenient and completely transparent connection reuse for applications. When doing HTTP requests NTLM authenticated, the entire connection becomes authenticated and not only the specific HTTP request which is...

wrong reuse of connections

libcurl can in some circumstances reuse the wrong connection when asked to do transfers using other protocols than HTTP and FTP. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

CURL-CVE-2014-0015 reuse of wrong HTTP NTLM connection

libcurl can in some circumstances reuse the wrong connection when asked to do an NTLM-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criterion...