Description
A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not.
References (3)
Core 3
Core References
Scores
CVSS v3
8.1
EPSS
0.0052
EPSS Percentile
40.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-295
Status
published
Products (50)
curl/curl
7.30.0
curl/curl
7.31.0
curl/curl
7.32.0
curl/curl
7.33.0
curl/curl
7.34.0
curl/curl
7.35.0
curl/curl
7.36.0
curl/curl
7.37.0
curl/curl
7.37.1
curl/curl
7.38.0
... and 40 more
Published
Jul 03, 2026
Tracked Since
Jul 03, 2026