UBUNTU-CVE-2026-5545
- Source
- https://ubuntu.com/security/CVE-2026-5545
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-5545.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-5545
- Upstream
- Downstream
- Related
- Published
- 2026-04-29T14:00:00Z
- Modified
- 2026-05-20T22:03:09.578265813Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N CVSS Calculator
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. An application that first uses Negotiate authentication to a server with
user1:password1and then does another operation to the same server asking for any authentication method but foruser2:password2(while the previous connection is still alive) - the second request gets confused and wrongly reuses the same connection and sends the new request over that connection thinking it uses a mix of user1's and user2's credentials when it is in fact still using the connection authenticated for user1... - References
Affected packages
Ubuntu:22.04:LTS
curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.81.0-1ubuntu1.24
Affected versions
7.*
7.74.0-1.3ubuntu2
7.74.0-1.3ubuntu3
7.80.0-3
7.81.0-1
7.81.0-1ubuntu1.1
7.81.0-1ubuntu1.2
7.81.0-1ubuntu1.3
7.81.0-1ubuntu1.4
7.81.0-1ubuntu1.6
7.81.0-1ubuntu1.7
7.81.0-1ubuntu1.8
7.81.0-1ubuntu1.10
7.81.0-1ubuntu1.11
7.81.0-1ubuntu1.13
7.81.0-1ubuntu1.14
7.81.0-1ubuntu1.15
7.81.0-1ubuntu1.16
7.81.0-1ubuntu1.17
7.81.0-1ubuntu1.18
7.81.0-1ubuntu1.19
7.81.0-1ubuntu1.20
7.81.0-1ubuntu1.21
7.81.0-1ubuntu1.22
7.81.0-1ubuntu1.23
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "7.81.0-1ubuntu1.24",
"binary_name": "curl"
},
{
"binary_version": "7.81.0-1ubuntu1.24",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.81.0-1ubuntu1.24",
"binary_name": "libcurl3-nss"
},
{
"binary_version": "7.81.0-1ubuntu1.24",
"binary_name": "libcurl4"
}
]
}Ubuntu:24.04:LTS
curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.5.0-2ubuntu10.9
Affected versions
8.*
8.2.1-1ubuntu3
8.2.1-1ubuntu3.1
8.4.0-2ubuntu1
8.5.0-2ubuntu1
8.5.0-2ubuntu2
8.5.0-2ubuntu8
8.5.0-2ubuntu9
8.5.0-2ubuntu10
8.5.0-2ubuntu10.1
8.5.0-2ubuntu10.2
8.5.0-2ubuntu10.3
8.5.0-2ubuntu10.4
8.5.0-2ubuntu10.5
8.5.0-2ubuntu10.6
8.5.0-2ubuntu10.7
8.5.0-2ubuntu10.8
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "8.5.0-2ubuntu10.9",
"binary_name": "curl"
},
{
"binary_version": "8.5.0-2ubuntu10.9",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.5.0-2ubuntu10.9",
"binary_name": "libcurl4t64"
}
]
}Ubuntu:25.10
curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.14.1-2ubuntu1.3
Affected versions
8.*
8.12.1-3ubuntu1
8.13.0-5ubuntu1
8.14.1-1ubuntu2
8.14.1-1ubuntu3
8.14.1-2ubuntu1
8.14.1-2ubuntu1.1
8.14.1-2ubuntu1.2
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "8.14.1-2ubuntu1.3",
"binary_name": "curl"
},
{
"binary_version": "8.14.1-2ubuntu1.3",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.14.1-2ubuntu1.3",
"binary_name": "libcurl4t64"
}
]
}Ubuntu:26.04:LTS
curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.18.0-1ubuntu2.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "8.18.0-1ubuntu2.1",
"binary_name": "curl"
},
{
"binary_version": "8.18.0-1ubuntu2.1",
"binary_name": "libcurl3t64-gnutls"
},
{
"binary_version": "8.18.0-1ubuntu2.1",
"binary_name": "libcurl4t64"
}
]
}Ubuntu:Pro:14.04:LTS
curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl?arch=source&distro=esm-infra-legacy%2Ftrusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.32.0-1ubuntu1
7.33.0-1ubuntu1
7.34.0-1ubuntu1
7.35.0-1ubuntu1
7.35.0-1ubuntu2
7.35.0-1ubuntu2.1
7.35.0-1ubuntu2.2
7.35.0-1ubuntu2.3
7.35.0-1ubuntu2.5
7.35.0-1ubuntu2.6
7.35.0-1ubuntu2.7
7.35.0-1ubuntu2.8
7.35.0-1ubuntu2.9
7.35.0-1ubuntu2.10
7.35.0-1ubuntu2.11
7.35.0-1ubuntu2.12
7.35.0-1ubuntu2.13
7.35.0-1ubuntu2.14
7.35.0-1ubuntu2.15
7.35.0-1ubuntu2.16
7.35.0-1ubuntu2.17
7.35.0-1ubuntu2.19
7.35.0-1ubuntu2.20
7.35.0-1ubuntu2.20+esm2
7.35.0-1ubuntu2.20+esm3
7.35.0-1ubuntu2.20+esm4
7.35.0-1ubuntu2.20+esm5
7.35.0-1ubuntu2.20+esm6
7.35.0-1ubuntu2.20+esm7
7.35.0-1ubuntu2.20+esm8
7.35.0-1ubuntu2.20+esm9
7.35.0-1ubuntu2.20+esm10
7.35.0-1ubuntu2.20+esm11
7.35.0-1ubuntu2.20+esm12
7.35.0-1ubuntu2.20+esm13
7.35.0-1ubuntu2.20+esm14
7.35.0-1ubuntu2.20+esm15
7.35.0-1ubuntu2.20+esm16
7.35.0-1ubuntu2.20+esm17
7.35.0-1ubuntu2.20+esm18
7.35.0-1ubuntu2.20+esm19
Ecosystem specific
{
"binaries": [
{
"binary_version": "7.35.0-1ubuntu2.20+esm19",
"binary_name": "curl"
},
{
"binary_version": "7.35.0-1ubuntu2.20+esm19",
"binary_name": "libcurl3"
},
{
"binary_version": "7.35.0-1ubuntu2.20+esm19",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.35.0-1ubuntu2.20+esm19",
"binary_name": "libcurl3-nss"
}
]
}Ubuntu:Pro:16.04:LTS
curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl?arch=source&distro=esm-infra%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.43.0-1ubuntu2
7.45.0-1ubuntu1
7.46.0-1ubuntu1
7.47.0-1ubuntu1
7.47.0-1ubuntu2
7.47.0-1ubuntu2.1
7.47.0-1ubuntu2.2
7.47.0-1ubuntu2.3
7.47.0-1ubuntu2.4
7.47.0-1ubuntu2.5
7.47.0-1ubuntu2.6
7.47.0-1ubuntu2.7
7.47.0-1ubuntu2.8
7.47.0-1ubuntu2.9
7.47.0-1ubuntu2.11
7.47.0-1ubuntu2.12
7.47.0-1ubuntu2.13
7.47.0-1ubuntu2.14
7.47.0-1ubuntu2.15
7.47.0-1ubuntu2.16
7.47.0-1ubuntu2.18
7.47.0-1ubuntu2.19
7.47.0-1ubuntu2.19+esm1
7.47.0-1ubuntu2.19+esm2
7.47.0-1ubuntu2.19+esm3
7.47.0-1ubuntu2.19+esm4
7.47.0-1ubuntu2.19+esm5
7.47.0-1ubuntu2.19+esm6
7.47.0-1ubuntu2.19+esm7
7.47.0-1ubuntu2.19+esm8
7.47.0-1ubuntu2.19+esm9
7.47.0-1ubuntu2.19+esm10
7.47.0-1ubuntu2.19+esm11
7.47.0-1ubuntu2.19+esm12
7.47.0-1ubuntu2.19+esm13
7.47.0-1ubuntu2.19+esm15
Ecosystem specific
{
"binaries": [
{
"binary_version": "7.47.0-1ubuntu2.19+esm15",
"binary_name": "curl"
},
{
"binary_version": "7.47.0-1ubuntu2.19+esm15",
"binary_name": "libcurl3"
},
{
"binary_version": "7.47.0-1ubuntu2.19+esm15",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.47.0-1ubuntu2.19+esm15",
"binary_name": "libcurl3-nss"
}
]
}Ubuntu:Pro:18.04:LTS
curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl?arch=source&distro=esm-infra%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.55.1-1ubuntu2
7.55.1-1ubuntu2.1
7.57.0-1ubuntu1
7.58.0-2ubuntu1
7.58.0-2ubuntu2
7.58.0-2ubuntu3
7.58.0-2ubuntu3.1
7.58.0-2ubuntu3.2
7.58.0-2ubuntu3.3
7.58.0-2ubuntu3.5
7.58.0-2ubuntu3.6
7.58.0-2ubuntu3.7
7.58.0-2ubuntu3.8
7.58.0-2ubuntu3.9
7.58.0-2ubuntu3.10
7.58.0-2ubuntu3.12
7.58.0-2ubuntu3.13
7.58.0-2ubuntu3.14
7.58.0-2ubuntu3.15
7.58.0-2ubuntu3.16
7.58.0-2ubuntu3.17
7.58.0-2ubuntu3.18
7.58.0-2ubuntu3.19
7.58.0-2ubuntu3.20
7.58.0-2ubuntu3.21
7.58.0-2ubuntu3.22
7.58.0-2ubuntu3.23
7.58.0-2ubuntu3.24
7.58.0-2ubuntu3.24+esm1
7.58.0-2ubuntu3.24+esm2
7.58.0-2ubuntu3.24+esm3
7.58.0-2ubuntu3.24+esm4
7.58.0-2ubuntu3.24+esm5
7.58.0-2ubuntu3.24+esm7
7.58.0-2ubuntu3.24+esm8
Ecosystem specific
{
"binaries": [
{
"binary_version": "7.58.0-2ubuntu3.24+esm8",
"binary_name": "curl"
},
{
"binary_version": "7.58.0-2ubuntu3.24+esm8",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.58.0-2ubuntu3.24+esm8",
"binary_name": "libcurl3-nss"
},
{
"binary_version": "7.58.0-2ubuntu3.24+esm8",
"binary_name": "libcurl4"
}
]
}Ubuntu:Pro:20.04:LTS
curl
Package
- Name
- curl
- Purl
- pkg:deb/ubuntu/curl?arch=source&distro=esm-infra%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.65.3-1ubuntu3
7.65.3-1ubuntu4
7.66.0-1ubuntu1
7.67.0-2ubuntu1
7.68.0-1ubuntu1
7.68.0-1ubuntu2
7.68.0-1ubuntu2.1
7.68.0-1ubuntu2.2
7.68.0-1ubuntu2.4
7.68.0-1ubuntu2.5
7.68.0-1ubuntu2.6
7.68.0-1ubuntu2.7
7.68.0-1ubuntu2.10
7.68.0-1ubuntu2.11
7.68.0-1ubuntu2.12
7.68.0-1ubuntu2.13
7.68.0-1ubuntu2.14
7.68.0-1ubuntu2.15
7.68.0-1ubuntu2.16
7.68.0-1ubuntu2.18
7.68.0-1ubuntu2.19
7.68.0-1ubuntu2.20
7.68.0-1ubuntu2.21
7.68.0-1ubuntu2.22
7.68.0-1ubuntu2.23
7.68.0-1ubuntu2.24
7.68.0-1ubuntu2.25
7.68.0-1ubuntu2.25+esm2
7.68.0-1ubuntu2.25+esm3
Ecosystem specific
{
"binaries": [
{
"binary_version": "7.68.0-1ubuntu2.25+esm3",
"binary_name": "curl"
},
{
"binary_version": "7.68.0-1ubuntu2.25+esm3",
"binary_name": "libcurl3-gnutls"
},
{
"binary_version": "7.68.0-1ubuntu2.25+esm3",
"binary_name": "libcurl3-nss"
},
{
"binary_version": "7.68.0-1ubuntu2.25+esm3",
"binary_name": "libcurl4"
}
]
}