CVE-2026-4873
Published 2026-05-13
Priority P4 (32) · medium · CVSS 3.1 base score 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS: 0.26% (17.5th percentile)
A vulnerability exists where a connection requiring TLS incorrectly reuses an
existing unencrypted connection from the same connection pool. If an initial
transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request
to that same host bypasses the TLS requirement and instead transmits data
unencrypted.
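As an added illustration (this is a constructed model, not curl's own code), the following shows why a connection-pool lookup that matches only on host, port and protocol hands a clear-text IMAP/SMTP/POP3 connection to a transfer that required TLS, and how including the TLS requirement in the match prevents the downgrade. The host name is a placeholder.

```python
from dataclasses import dataclass, field


@dataclass
class Connection:
    host: str
    port: int
    protocol: str  # "imap", "smtp" or "pop3"
    tls: bool      # True once the session has been upgraded to TLS


@dataclass
class Pool:
    conns: list = field(default_factory=list)

    def find_vulnerable(self, host, port, protocol, require_tls):
        # Defective lookup: matches on endpoint only and ignores TLS state,
        # so a clear-text connection is handed to a TLS-required transfer.
        for c in self.conns:
            if (c.host, c.port, c.protocol) == (host, port, protocol):
                return c
        return None

    def find_fixed(self, host, port, protocol, require_tls):
        # Hardened lookup: a TLS-required transfer may only reuse a
        # connection that is already TLS-protected; otherwise return None
        # so the caller opens a fresh connection and upgrades it first.
        for c in self.conns:
            if (c.host, c.port, c.protocol) != (host, port, protocol):
                continue
            if require_tls and not c.tls:
                continue
            return c
        return None


def sends_cleartext(conn) -> bool:
    # A transfer goes out unencrypted iff it reuses a non-TLS connection.
    return conn is not None and not conn.tls


def demo():
    # Constructed scenario: a clear-text IMAP transfer leaves a non-TLS
    # connection in the pool; a second transfer to the same host requires TLS.
    pool = Pool([Connection("mail.example.test", 143, "imap", tls=False)])
    args = ("mail.example.test", 143, "imap", True)
    return (sends_cleartext(pool.find_vulnerable(*args)),
            sends_cleartext(pool.find_fixed(*args)))
```

`demo()` returns `(True, False)`: the endpoint-only lookup sends the second transfer in clear text, the hardened lookup does not.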
Affected
152 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| build-of-trustee | trustee-rhel9 | — | — |
| confidential-compute-attestation-tech-preview | trustee-rhel9 | — | — |
| confidential-containers | trustee | — | — |
| curl | curl | 7.20.0 – 7.20.0 | — |
| curl | curl | 7.20.1 – 7.20.1 | — |
| curl | curl | 7.21.0 – 7.21.0 | — |
| curl | curl | 7.21.1 – 7.21.1 | — |
| curl | curl | 7.21.2 – 7.21.2 | — |
| curl | curl | 7.21.3 – 7.21.3 | — |
| curl | curl | 7.21.4 – 7.21.4 | — |
| curl | curl | 7.21.5 – 7.21.5 | — |
| curl | curl | 7.21.6 – 7.21.6 | — |
| curl | curl | 7.21.7 – 7.21.7 | — |
| curl | curl | 7.22.0 – 7.22.0 | — |
| curl | curl | 7.23.0 – 7.23.0 | — |
| curl | curl | 7.23.1 – 7.23.1 | — |
| curl | curl | 7.24.0 – 7.24.0 | — |
| curl | curl | 7.25.0 – 7.25.0 | — |
| curl | curl | 7.26.0 – 7.26.0 | — |
| curl | curl | 7.27.0 – 7.27.0 | — |
| curl | curl | 7.28.0 – 7.28.0 | — |
| curl | curl | 7.28.1 – 7.28.1 | — |
| curl | curl | 7.29.0 – 7.29.0 | — |
| curl | curl | 7.30.0 – 7.30.0 | — |
| curl | curl | 7.31.0 – 7.31.0 | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| NVD (CVSS v3.1) | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Red Hat (vendor) | 5.3 | MEDIUM | — |
Ubuntu: curl vulnerabilities
vendor_ubuntu · 2026-05-04
Summary: curl could be made to expose sensitive information over the network.
It was discovered that curl incorrectly reused non-TLS connections when
TLS was required in some STARTTLS configurations. A remote attacker could
possibly use this issue to obtain sensitive information. (CVE-2026-4873)
It was discovered that curl incorrectly reused certain HTTP Negotiate
connections. A remote attacker could possibly use this issue to obtain
sensitive information. (CVE-2026-5545)
It was discovered that curl incorrectly reused certain SMB connections. A
remote attacker could possibly use this issue to obtain sensitive
information. (CVE-2026-5773)
It was discovered that curl could leak proxy credentials when handling
redirects in some configurations. A remote attacke
Red Hat: curl: Information disclosure due to incorrect TLS connection reuse
vendor_redhat · 2026-04-29 · CVSS 5.3 · MEDIUM · CWE-319
A flaw was found in curl. A remote attacker could exploit this by initiating an unencrypted connection (via IMAP, SMTP, or POP3) and then making a subsequent request to the same host that requires Transport Layer Security (TLS). Due to incorrect connection reuse, the subsequent request would bypass the TLS requirement, leading to the transmission of sensitive information in cleartext. This vulnerability, categorized as Cleartext Transmission of Sensitive Information (CWE-319), results in information disclosure.
Statement: Moderate: This flaw in curl allows for information disclosure when an unencrypted connection is incorrectly reused for a subsequent request that expects TLS. This can lead to the cleartext transmis
GHSA: GHSA-5fgw-rv54-prjx
ghsa_unreviewed · 2026-05-13 · MEDIUM · CWE-295
A vulnerability exists where a connection requiring TLS incorrectly reuses an
existing unencrypted connection from the same connection pool. If an initial
transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request
to that same host bypasses the TLS requirement and instead transmits data
unencrypted.
No detection rules found.
No public exploits indexed.
Published: 2026-05-13