Diese Seite wurde noch nicht in Ihre Sprache übersetzt. Inhalte werden auf Englisch angezeigt, während wir daran arbeiten.
💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.
CVE-2026-5773: SMB Connection Reuse in libcurl
Plattform
c
Komponente
curl
Behoben in
8.19.1
CVE-2026-5773 is a vulnerability in libcurl affecting versions 8.12.0 through 8.19.0. This flaw stems from a logical error in the connection reuse mechanism for SMB(S) transfers, potentially causing applications to download incorrect files. The vulnerability was published on May 13, 2026, and a fix is available in version 8.19.1.
Auswirkungen und Angriffsszenarienwird übersetzt…
The primary impact of CVE-2026-5773 is the potential for unintended data retrieval. An attacker could craft a malicious SMB(S) request that exploits this connection reuse error, causing an application using libcurl to download a file different from what was intended. This could lead to data corruption, unauthorized access to sensitive information, or even the execution of malicious code if the downloaded file is an executable. The blast radius depends on the application using libcurl; a widely used application could expose a large number of systems to this risk. While not directly exploitable for remote code execution, the misdirection of file downloads presents a significant operational and security concern.
Ausnutzungskontextwird übersetzt…
The vulnerability is currently not listed on KEV or EPSS, indicating a low to medium probability of exploitation. Public proof-of-concept (POC) code is not yet available. Given the nature of the vulnerability (misdirection of file downloads), active exploitation campaigns are not currently known, but the potential for abuse exists. Refer to the libcurl security advisory for further details.
Bedrohungsanalyse
Exploit-Status
EPSS
0.02% (5% Perzentil)
Betroffene Software
Schwachstellen-Klassifikation (CWE)
Zeitleiste
- Reserviert
- Veröffentlicht
- EPSS aktualisiert
Mitigation und Workaroundswird übersetzt…
The recommended mitigation for CVE-2026-5773 is to upgrade to libcurl version 8.19.1 or later. If an immediate upgrade is not feasible due to compatibility issues or system downtime constraints, consider implementing temporary workarounds. These might involve disabling SMB(S) connection reuse within the application (if possible) or carefully validating the file paths and shares used in SMB(S) transfers. Network firewalls and intrusion detection systems should be configured to monitor for unusual SMB(S) traffic patterns. After upgrading, confirm the fix by performing a test SMB(S) transfer and verifying that the correct file is downloaded.
So behebenwird übersetzt…
Actualice a la versión 8.19.1 o posterior de libcurl para evitar la reutilización incorrecta de conexiones SMB. Esta vulnerabilidad permite la descarga o carga de archivos incorrectos, por lo que es crucial aplicar la actualización lo antes posible para proteger sus datos.
Häufig gestellte Fragenwird übersetzt…
What is CVE-2026-5773 — SMB Connection Reuse in libcurl?
CVE-2026-5773 is a vulnerability in libcurl versions 8.12.0–8.19.0 where SMB(S) transfers might reuse the wrong connection, potentially leading to unintended file downloads. Severity is pending evaluation.
Am I affected by CVE-2026-5773 in libcurl?
If you are using libcurl versions 8.12.0 through 8.19.0 and perform SMB(S) file transfers, you are potentially affected by this vulnerability. Check your libcurl version using 'curl --version'.
How do I fix CVE-2026-5773 in libcurl?
Upgrade to libcurl version 8.19.1 or later to resolve the vulnerability. If immediate upgrade is not possible, consider temporary workarounds like disabling SMB(S) connection reuse or validating file paths.
Is CVE-2026-5773 being actively exploited?
Currently, there are no known active exploitation campaigns targeting CVE-2026-5773. However, the potential for abuse exists, and monitoring is recommended.
Where can I find the official libcurl advisory for CVE-2026-5773?
Refer to the official libcurl security advisory for detailed information and updates regarding CVE-2026-5773. (Link to advisory would be placed here if available).
Ist dein Projekt betroffen?
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Jetzt testen — kein Konto
Laden Sie ein Manifest hoch (composer.lock, package-lock.json, WordPress Plugin-Liste…) oder fügen Sie Ihre Komponentenliste ein. Sie erhalten sofort einen Schwachstellenbericht. Das Hochladen einer Datei ist nur der Anfang: Mit einem Konto erhalten Sie kontinuierliche Überwachung, Slack/email-Benachrichtigungen, Multi-Projekt- und White-Label-Berichte.
Abhängigkeitsdatei hier ablegen
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...