CVE-2026-4873: TLS Bypass in curl 8.12.0–8.19.0

The impact of CVE-2026-4873 is significant, as it allows for the interception and modification of sensitive data transmitted over seemingly secure connections. An attacker who can control the initial connection establishment can force curl to reuse an unencrypted connection, enabling them to eavesdrop on or manipulate subsequent data transfers. This could lead to the exposure of credentials, personal information, or other confidential data. The vulnerability is particularly concerning for applications that rely on curl for secure communication with external services, such as automated scripts, CI/CD pipelines, and web applications. The ability to bypass TLS encryption effectively negates the security benefits of using HTTPS, rendering the connection vulnerable to man-in-the-middle attacks.

1. Reserviert2026-03-26
2. Veröffentlicht2026-05-13
3. EPSS aktualisiert2026-05-13

The primary mitigation for CVE-2026-4873 is to upgrade to curl version 8.19.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. One approach is to disable connection reuse within curl by setting the --resolve option to explicitly specify the hostname and IP address for each connection. Another workaround involves carefully reviewing and restricting the protocols used by curl to avoid establishing initial cleartext connections. Web application firewalls (WAFs) or proxies can be configured to inspect traffic for suspicious patterns indicative of this exploitation, although this is a less reliable solution. After upgrading, confirm the fix by running curl with TLS enabled and verifying that the connection is properly encrypted using a network analysis tool like Wireshark.