CVE-2026-8932

N/A Unknown
Published: July 03, 2026 Modified: July 03, 2026

Description

libcurl would reuse a previously created connection even when an mTLS-related configuration option had been changed in a way that should have prohibited reuse. libcurl keeps previously used connections in a connection pool so that subsequent transfers can reuse one if it matches their setup. However, some TLS settings related to client certificates, in particular options related to the private key, were left out of the configuration match checks, making connections match too easily.
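The flaw class described above, as an added example that is not libcurl's code: a simplified connection-pool match written once without and once with the private key setting in the comparison. The struct layout, function names, host and file names are all assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Simplified model, not libcurl's real structures or field names. */
struct tls_cfg {
  const char *host;
  const char *client_cert;
  const char *client_key; /* private key file */
};

struct pooled_conn {
  struct tls_cfg cfg; /* settings the connection was created with */
  int id;
};

static bool str_eq(const char *a, const char *b)
{
  if(!a || !b)
    return a == b; /* equal only when both are unset */
  return strcmp(a, b) == 0;
}

/* Flawed check: the private key setting is left out of the comparison. */
bool match_incomplete(const struct tls_cfg *have, const struct tls_cfg *want)
{
  return str_eq(have->host, want->host) &&
         str_eq(have->client_cert, want->client_cert);
}

/* Complete check: every client-auth setting must agree before reuse. */
bool match_complete(const struct tls_cfg *have, const struct tls_cfg *want)
{
  return match_incomplete(have, want) &&
         str_eq(have->client_key, want->client_key);
}

/* Constructed sample pool: one connection opened with tenant-a.key. */
static const struct pooled_conn sample_pool[] = {
  { { "api.example.test", "client.pem", "tenant-a.key" }, 1 }
};

/* Returns the id of the pooled connection chosen for reuse, or -1. */
int pick_conn(bool complete, const char *want_key)
{
  struct tls_cfg want = { "api.example.test", "client.pem", want_key };
  size_t n = sizeof(sample_pool) / sizeof(sample_pool[0]);
  for(size_t i = 0; i < n; i++)
    if((complete ? match_complete : match_incomplete)(&sample_pool[i].cfg, &want))
      return sample_pool[i].id;
  return -1;
}
```

With the incomplete check, a transfer configured with a different key is handed the connection that was set up under the earlier key; with the complete check it gets no match and a new connection has to be made.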

References to Advisories, Solutions, and Tools

https://curl.se/docs/CVE-2026-8932.html
Source: 2499f714-1537-4658-8207-48ae4bb9eae9
https://curl.se/docs/CVE-2026-8932.json
Source: 2499f714-1537-4658-8207-48ae4bb9eae9
https://hackerone.com/reports/3733910
Source: 2499f714-1537-4658-8207-48ae4bb9eae9

3 reference(s) from NVD

Quick Stats

CVSS v3 Score: N/A / 10.0
EPSS (Exploit Probability): 0.1% (3rd percentile)
Exploitation Status: Not in CISA KEV