CVE-2026-8286

HIGH

curl - Wrong STARTTLS Connection Reuse

Title source: rule
STIX 2.1

Description

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not.

Scores

CVSS v3 8.1
EPSS 0.0052
EPSS Percentile 40.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-295
Status published
Products (50)
curl/curl 7.30.0
curl/curl 7.31.0
curl/curl 7.32.0
curl/curl 7.33.0
curl/curl 7.34.0
curl/curl 7.35.0
curl/curl 7.36.0
curl/curl 7.37.0
curl/curl 7.37.1
curl/curl 7.38.0
... and 40 more
Published Jul 03, 2026
Tracked Since Jul 03, 2026