2 matches found
curl: CVE-2026-8458: wrong reuse for different services
Summary: I found an incomplete-fix variant of CVE-2026-5545 in curl/libcurl 8.20.0. libcurl 8.20.0 still wrongly reuses an HTTP Negotiate-authenticated connection for a later request to the same host even when the requested service principal changes via CURLOPTSERVICENAME / --service-name. In my...
Fedora 42 : curl (2026-907bbf2a13)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-907bbf2a13 advisory. - fix bad reuse of HTTP Negotiate connection CVE-2026-1965 - fix token leak with redirect and netrc CVE-2026-3783 - fix wrong proxy connection reuse...