CURL-CVE-2026-5773

See a problem?
Please try reporting it to the source first.

Source

https://curl.se/docs/CVE-2026-5773.html

Import Source

https://curl.se/docs/CURL-CVE-2026-5773.json

JSON Data

https://api.osv.dev/v1/vulns/CURL-CVE-2026-5773

Aliases

CVE-2026-5773

Published

2026-04-29T08:00:00Z

Modified

2026-05-19T14:06:55.512106Z

Summary

wrong reuse of SMB connection

Details

libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers.

libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.

When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different "share" than the new subsequent transfer should.

This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.

Database specific

{
    "www": "https://curl.se/docs/CVE-2026-5773.html",
    "package": "curl",
    "URL": "https://curl.se/docs/CVE-2026-5773.json",
    "last_affected": "8.19.0",
    "severity": "Low",
    "CWE": {
        "desc": "Exposure of Data Element to Wrong Session",
        "id": "CWE-488"
    },
    "affects": "both",
    "issue": "https://hackerone.com/reports/3650689"
}

References

Credits

- Osama Hamad - FINDER
- Daniel Stenberg - REMEDIATION_DEVELOPER

Affected packages

Git / github.com/curl/curl.git

Affected ranges

Type: SEMVER
Events: Introduced

7.40.0

Fixed

8.20.0

Type: GIT
Repo: https://github.com/curl/curl.git
Events: Introduced

aec2e865f06669b9cb5d26cc1148d70bc418b163

Fixed

74a169575d6412dc0ff532acdf94de35a6c2a571

Affected versions

7.*

7.40.0

7.41.0

7.42.0

7.42.1

7.43.0

7.44.0

7.45.0

7.46.0

7.47.0

7.47.1

7.48.0

7.49.0

7.49.1

7.50.0

7.50.1

7.50.2

7.50.3

7.51.0

7.52.0

7.52.1

7.53.0

7.53.1

7.54.0

7.54.1

7.55.0

7.55.1

7.56.0

7.56.1

7.57.0

7.58.0

7.59.0

7.60.0

7.61.0

7.61.1

7.62.0

7.63.0

7.64.0

7.64.1

7.65.0

7.65.1

7.65.2

7.65.3

7.66.0

7.67.0

7.68.0

7.69.0

7.69.1

7.70.0

7.71.0

7.71.1

7.72.0

7.73.0

7.74.0

7.75.0

7.76.0

7.76.1

7.77.0

7.78.0

7.79.0

7.79.1

7.80.0

7.81.0

7.82.0

7.83.0

7.83.1

7.84.0

7.85.0

7.86.0

7.87.0

7.88.0

7.88.1

8.*

8.0.0

8.0.1

8.1.0

8.1.1

8.1.2

8.10.0

8.10.1

8.11.0

8.11.1

8.12.0

8.12.1

8.13.0

8.14.0

8.14.1

8.15.0

8.16.0

8.17.0

8.18.0

8.19.0

8.2.0

8.2.1

8.3.0

8.4.0

8.5.0

8.6.0

8.7.0

8.7.1

8.8.0

8.9.0

8.9.1

Other

curl-7_40_0

curl-7_41_0

curl-7_42_0

curl-7_43_0

curl-7_44_0

curl-7_45_0

curl-7_46_0

curl-7_47_0

curl-7_47_1

curl-7_48_0

curl-7_49_0

curl-7_49_1

curl-7_50_0

curl-7_50_1

curl-7_50_2

curl-7_50_3

curl-7_51_0

curl-7_52_0

curl-7_52_1

curl-7_53_0

curl-7_53_1

curl-7_54_0

curl-7_54_1

curl-7_55_0

curl-7_55_1

curl-7_56_0

curl-7_56_1

curl-7_57_0

curl-7_58_0

curl-7_59_0

curl-7_60_0

curl-7_61_0

curl-7_61_1

curl-7_62_0

curl-7_63_0

curl-7_64_0

curl-7_64_1

curl-7_65_0

curl-7_65_1

curl-7_65_2

curl-7_65_3

curl-7_66_0

curl-7_67_0

curl-7_68_0

curl-7_69_0

curl-7_69_1

curl-7_70_0

curl-7_71_0

curl-7_71_1

curl-7_72_0

curl-7_73_0

curl-7_74_0

curl-7_75_0

curl-7_76_0

curl-7_76_1

curl-7_77_0

curl-7_78_0

curl-7_79_0

curl-7_79_1

curl-7_80_0

curl-7_81_0

curl-7_82_0

curl-7_83_0

curl-7_83_1

curl-7_84_0

curl-7_85_0

curl-7_86_0

curl-7_87_0

curl-7_88_0

curl-7_88_1

curl-8_0_0

curl-8_0_1

curl-8_10_0

curl-8_10_1

curl-8_11_0

curl-8_11_1

curl-8_12_0

curl-8_12_1

curl-8_13_0

curl-8_14_0

curl-8_14_1

curl-8_15_0

curl-8_16_0

curl-8_17_0

curl-8_18_0

curl-8_19_0

curl-8_1_0

curl-8_1_1

curl-8_1_2

curl-8_2_0

curl-8_2_1

curl-8_3_0

curl-8_4_0

curl-8_5_0

curl-8_6_0

curl-8_7_0

curl-8_7_1

curl-8_8_0

curl-8_9_0

curl-8_9_1

rc-8_18_0-1

rc-8_18_0-2

rc-8_18_0-3

rc-8_19_0-1

rc-8_19_0-2

rc-8_19_0-3

rc-8_20_0-1

Database specific

vanir_signatures

[
    {
        "id": "CURL-CVE-2026-5773-ce96841d",
        "signature_version": "v1",
        "source": "https://github.com/curl/curl.git/commit/74a169575d6412dc0ff532acdf94de35a6c2a571",
        "signature_type": "Line",
        "target": {
            "file": "lib/protocol.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "283484103587021140185473640195385188213",
                "51413613464287816571195646581916328705",
                "50657125667698113139735675550160507197",
                "109745977035312476342802684866473502970",
                "155876444996527445678040642288005699706",
                "189120337197838981146493639364407128017",
                "110638884583177156814419953150639226214",
                "58536000395487246013630143241898699709"
            ]
        },
        "deprecated": false
    }
]

vanir_signatures_modified

"2026-05-19T14:06:55Z"

source

"https://curl.se/docs/CURL-CVE-2026-5773.json"