CVE-2026-5773: libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests…

CVE-2026-4873 curl vulnerabilities Title: curl vulnerabilities Summary: curl could be made to expose sensitive information over the network. It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-4873) It was discovered that curl incorrectly reused certain HTTP Negotiate connections. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5545) It was discovered that curl incorrectly reused certain SMB connections. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5773) It was discovered that curl could leak proxy credentials when handling redirects in some configurations. A remote attacke

CVE-2026-5773 [MEDIUM] CWE-1025 curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse A flaw was found in libcurl. Due to a logical error in the connection reuse mechanism for SMB (Server Message Block) transfers, libcurl might reuse an existing SMB connection with a different share than intended. This vulnerability, categorized as CWE-488 (Exposure of Data Element to Wrong Session), could lead to the download of an incorrect file or the upload of a file to an unintended location when an application uses libcurl for SMB transfers. Statement: This Moderate impact flaw in libcurl affects applications performing SMB transfers. A logical error in the SMB connection reuse mechanism can lead to unintended file downloads or uploads to incorrect locations. This impacts applications that rely on libcurl for s

CVE-2026-5773 [HIGH] CWE-918 GHSA-rp9q-8q5w-ch44: libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should. This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.

CVE-2026-5773 [MEDIUM] CVE-2026-5773 curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse CVE-2026-5773 curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse A flaw was found in libcurl. Due to a logical error in the connection reuse mechanism for SMB (Server Message Block) transfers, libcurl might reuse an existing SMB connection with a different share than intended. This vulnerability, categorized as CWE-488 (Exposure of Data Element to Wrong Session), could lead to the download of an incorrect file or the upload of a file to an unintended location when an application uses libcurl for SMB transfers.