{"id":54221,"date":"2026-05-13T14:54:47","date_gmt":"2026-05-13T14:54:47","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=54221"},"modified":"2026-05-13T14:54:47","modified_gmt":"2026-05-13T14:54:47","slug":"connection-reuse-ignores-tls-requirement","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=54221","title":{"rendered":"connection reuse ignores TLS requirement_CVE-2026-4873"},"content":{"rendered":"

{“lastseen”:””,”description”:”A vulnerability exists where a connection requiring TLS incorrectly reuses an\\nexisting unencrypted connection from the same connection pool. If an initial\\ntransfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request\\nto that same host bypasses the TLS requirement and instead transmit data\\nunencrypted.”,”published”:”2026-05-13T08:27:04.538Z”,”modified”:”2026-05-13T19:30:04.825Z”,”type”:”cve”,”title”:”connection reuse ignores TLS requirement”,”source”:”curl”,”references”:”https:\/\/curl.se\/docs\/CVE-2026-4873.json\\nhttps:\/\/curl.se\/docs\/CVE-2026-4873.html\\nhttps:\/\/hackerone.com\/reports\/3621851″,”id”:”CVE-2026-4873″,”bulletinFamily”:””,”cwe”:[“CWE-319″],”cvelist”:null,”sourceData”:”curl curl 8.19.0\\ncurl curl 8.18.0\\ncurl curl 8.17.0\\ncurl curl 8.16.0\\ncurl curl 8.15.0\\ncurl curl 8.14.1\\ncurl curl 8.14.0\\ncurl curl 8.13.0\\ncurl curl 8.12.1\\ncurl curl 8.12.0\\ncurl curl 8.11.1\\ncurl curl 8.11.0\\ncurl curl 8.10.1\\ncurl curl 8.10.0\\ncurl curl 8.9.1\\ncurl curl 8.9.0\\ncurl curl 8.8.0\\ncurl curl 8.7.1\\ncurl curl 8.7.0\\ncurl curl 8.6.0\\ncurl curl 8.5.0\\ncurl curl 8.4.0\\ncurl curl 8.3.0\\ncurl curl 8.2.1\\ncurl curl 8.2.0\\ncurl curl 8.1.2\\ncurl curl 8.1.1\\ncurl curl 8.1.0\\ncurl curl 8.0.1\\ncurl curl 8.0.0\\ncurl curl 7.88.1\\ncurl curl 7.88.0\\ncurl curl 7.87.0\\ncurl curl 7.86.0\\ncurl curl 7.85.0\\ncurl curl 7.84.0\\ncurl curl 7.83.1\\ncurl curl 7.83.0\\ncurl curl 7.82.0\\ncurl curl 7.81.0\\ncurl curl 7.80.0\\ncurl curl 7.79.1\\ncurl curl 7.79.0\\ncurl curl 7.78.0\\ncurl curl 7.77.0\\ncurl curl 7.76.1\\ncurl curl 7.76.0\\ncurl curl 7.75.0\\ncurl curl 7.74.0\\ncurl curl 7.73.0\\ncurl curl 7.72.0\\ncurl curl 7.71.1\\ncurl curl 7.71.0\\ncurl curl 7.70.0\\ncurl curl 7.69.1\\ncurl curl 7.69.0\\ncurl curl 7.68.0\\ncurl curl 7.67.0\\ncurl curl 7.66.0\\ncurl curl 7.65.3\\ncurl curl 7.65.2\\ncurl curl 7.65.1\\ncurl curl 7.65.0\\ncurl curl 7.64.1\\ncurl curl 7.64.0\\ncurl curl 7.63.0\\ncurl curl 7.62.0\\ncurl curl 7.61.1\\ncurl curl 7.61.0\\ncurl curl 7.60.0\\ncurl curl 7.59.0\\ncurl curl 7.58.0\\ncurl curl 7.57.0\\ncurl curl 7.56.1\\ncurl curl 7.56.0\\ncurl curl 7.55.1\\ncurl curl 7.55.0\\ncurl curl 7.54.1\\ncurl curl 7.54.0\\ncurl curl 7.53.1\\ncurl curl 7.53.0\\ncurl curl 7.52.1\\ncurl curl 7.52.0\\ncurl curl 7.51.0\\ncurl curl 7.50.3\\ncurl curl 7.50.2\\ncurl curl 7.50.1\\ncurl curl 7.50.0\\ncurl curl 7.49.1\\ncurl curl 7.49.0\\ncurl curl 7.48.0\\ncurl curl 7.47.1\\ncurl curl 7.47.0\\ncurl curl 7.46.0\\ncurl curl 7.45.0\\ncurl curl 7.44.0\\ncurl curl 7.43.0\\ncurl curl 7.42.1\\ncurl curl 7.42.0\\ncurl curl 7.41.0\\ncurl curl 7.40.0\\ncurl curl 7.39.0\\ncurl curl 7.38.0\\ncurl curl 7.37.1\\ncurl curl 7.37.0\\ncurl curl 7.36.0\\ncurl curl 7.35.0\\ncurl curl 7.34.0\\ncurl curl 7.33.0\\ncurl curl 7.32.0\\ncurl curl 7.31.0\\ncurl curl 7.30.0\\ncurl curl 7.29.0\\ncurl curl 7.28.1\\ncurl curl 7.28.0\\ncurl curl 7.27.0\\ncurl curl 7.26.0\\ncurl curl 7.25.0\\ncurl curl 7.24.0\\ncurl curl 7.23.1\\ncurl curl 7.23.0\\ncurl curl 7.22.0\\ncurl curl 7.21.7\\ncurl curl 7.21.6\\ncurl curl 7.21.5\\ncurl curl 7.21.4\\ncurl curl 7.21.3\\ncurl curl 7.21.2\\ncurl curl 7.21.1\\ncurl curl 7.21.0\\ncurl curl 7.20.1\\ncurl curl 7.20.0″,”sourceHref”:””,”cvss”:{“score”:5.9,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”curl”,”version”:”8.19.0″,”vendor”:”curl”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”A vulnerability exists where a connection requiring TLS incorrectly reuses an\\nexisting unencrypted connection from the same connection pool. If an initial\\ntransfer is made in clear-text…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,97,12,21,13,7,11,5],"class_list":["post-54221","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-59","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nconnection reuse ignores TLS requirement_CVE-2026-4873 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=54221\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"connection reuse ignores TLS requirement_CVE-2026-4873 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”A vulnerability exists where a connection requiring TLS incorrectly reuses annexisting unencrypted connection from the same connection pool. If an initialntransfer is made in clear-text...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=54221\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-13T14:54:47+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=54221#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=54221\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"connection reuse ignores TLS requirement_CVE-2026-4873\",\"datePublished\":\"2026-05-13T14:54:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=54221\"},\"wordCount\":443,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-5.9\",\"exploit\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=54221#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=54221\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=54221\",\"name\":\"connection reuse ignores TLS requirement_CVE-2026-4873 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-05-13T14:54:47+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=54221#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=54221\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=54221#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"connection reuse ignores TLS requirement_CVE-2026-4873\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"connection reuse ignores TLS requirement_CVE-2026-4873 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=54221","og_locale":"en_US","og_type":"article","og_title":"connection reuse ignores TLS requirement_CVE-2026-4873 - zero redgem","og_description":"{“lastseen”:””,”description”:”A vulnerability exists where a connection requiring TLS incorrectly reuses annexisting unencrypted connection from the same connection pool. If an initialntransfer is made in clear-text...","og_url":"https:\/\/zero.redgem.net\/?p=54221","og_site_name":"zero redgem","article_published_time":"2026-05-13T14:54:47+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=54221#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=54221"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"connection reuse ignores TLS requirement_CVE-2026-4873","datePublished":"2026-05-13T14:54:47+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=54221"},"wordCount":443,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-5.9","exploit","MEDIUM","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=54221#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=54221","url":"https:\/\/zero.redgem.net\/?p=54221","name":"connection reuse ignores TLS requirement_CVE-2026-4873 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-05-13T14:54:47+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=54221#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=54221"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=54221#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"connection reuse ignores TLS requirement_CVE-2026-4873"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/54221","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=54221"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/54221\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=54221"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=54221"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=54221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}