{“lastseen”:””,”description”:”libcurl might in some circumstances reuse the wrong connection for SMB(S)\\ntransfers.\\n\\nlibcurl features a pool of recent connections so that subsequent requests can\\nreuse an existing connection to avoid overhead.\\n\\nWhen reusing a connection a range of criteria must be met. Due to a logical\\nerror in the code, a network transfer operation that was requested by an\\napplication could wrongfully reuse an existing SMB connection to the same\\nserver that was using a different ‘share’ than the new subsequent transfer\\nshould.\\n\\nThis could in unlucky situations lead to the download of the wrong file or the\\nupload of a file to the wrong place. When this happens, the same credentials\\nare used and the server name is the same.”,”published”:”2026-05-13T08:27:42.342Z”,”modified”:”2026-05-13T17:45:08.173Z”,”type”:”cve”,”title”:”wrong reuse of SMB connection”,”source”:”curl”,”references”:”https:\/\/curl.se\/docs\/CVE-2026-5773.json\\nhttps:\/\/curl.se\/docs\/CVE-2026-5773.html\\nhttps:\/\/hackerone.com\/reports\/3650689″,”id”:”CVE-2026-5773″,”bulletinFamily”:””,”cwe”:null,”cvelist”:null,”sourceData”:”curl curl 8.19.0\\ncurl curl 8.18.0\\ncurl curl 8.17.0\\ncurl curl 8.16.0\\ncurl curl 8.15.0\\ncurl curl 8.14.1\\ncurl curl 8.14.0\\ncurl curl 8.13.0\\ncurl curl 8.12.1\\ncurl curl 8.12.0\\ncurl curl 8.11.1\\ncurl curl 8.11.0\\ncurl curl 8.10.1\\ncurl curl 8.10.0\\ncurl curl 8.9.1\\ncurl curl 8.9.0\\ncurl curl 8.8.0\\ncurl curl 8.7.1\\ncurl curl 8.7.0\\ncurl curl 8.6.0\\ncurl curl 8.5.0\\ncurl curl 8.4.0\\ncurl curl 8.3.0\\ncurl curl 8.2.1\\ncurl curl 8.2.0\\ncurl curl 8.1.2\\ncurl curl 8.1.1\\ncurl curl 8.1.0\\ncurl curl 8.0.1\\ncurl curl 8.0.0\\ncurl curl 7.88.1\\ncurl curl 7.88.0\\ncurl curl 7.87.0\\ncurl curl 7.86.0\\ncurl curl 7.85.0\\ncurl curl 7.84.0\\ncurl curl 7.83.1\\ncurl curl 7.83.0\\ncurl curl 7.82.0\\ncurl curl 7.81.0\\ncurl curl 7.80.0\\ncurl curl 7.79.1\\ncurl curl 7.79.0\\ncurl curl 7.78.0\\ncurl curl 7.77.0\\ncurl curl 7.76.1\\ncurl curl 7.76.0\\ncurl curl 7.75.0\\ncurl curl 7.74.0\\ncurl curl 7.73.0\\ncurl curl 7.72.0\\ncurl curl 7.71.1\\ncurl curl 7.71.0\\ncurl curl 7.70.0\\ncurl curl 7.69.1\\ncurl curl 7.69.0\\ncurl curl 7.68.0\\ncurl curl 7.67.0\\ncurl curl 7.66.0\\ncurl curl 7.65.3\\ncurl curl 7.65.2\\ncurl curl 7.65.1\\ncurl curl 7.65.0\\ncurl curl 7.64.1\\ncurl curl 7.64.0\\ncurl curl 7.63.0\\ncurl curl 7.62.0\\ncurl curl 7.61.1\\ncurl curl 7.61.0\\ncurl curl 7.60.0\\ncurl curl 7.59.0\\ncurl curl 7.58.0\\ncurl curl 7.57.0\\ncurl curl 7.56.1\\ncurl curl 7.56.0\\ncurl curl 7.55.1\\ncurl curl 7.55.0\\ncurl curl 7.54.1\\ncurl curl 7.54.0\\ncurl curl 7.53.1\\ncurl curl 7.53.0\\ncurl curl 7.52.1\\ncurl curl 7.52.0\\ncurl curl 7.51.0\\ncurl curl 7.50.3\\ncurl curl 7.50.2\\ncurl curl 7.50.1\\ncurl curl 7.50.0\\ncurl curl 7.49.1\\ncurl curl 7.49.0\\ncurl curl 7.48.0\\ncurl curl 7.47.1\\ncurl curl 7.47.0\\ncurl curl 7.46.0\\ncurl curl 7.45.0\\ncurl curl 7.44.0\\ncurl curl 7.43.0\\ncurl curl 7.42.1\\ncurl curl 7.42.0\\ncurl curl 7.41.0\\ncurl curl 7.40.0″,”sourceHref”:””,”cvss”:{“score”:7.5,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”curl”,”version”:”8.19.0″,”vendor”:”curl”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”libcurl might in some circumstances reuse the wrong connection for SMB(S)\\ntransfers.\\n\\nlibcurl features a pool of recent connections so that subsequent requests can\\nreuse an existing connection…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,16,12,15,13,7,11,5],"class_list":["post-54205","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-75","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n