curl: CVE-2026-8458: wrong reuse for different services
Summary: I found an incomplete-fix variant of CVE-2026-5545 in curl/libcurl 8.20.0. libcurl 8.20.0 still wrongly reuses an HTTP Negotiate-authenticated connection for a later request to the same host even when the requested service principal changes via CURLOPTSERVICENAME / --service-name. In my...