無料スキャン

このページはまだあなたの言語に翻訳されていません。翻訳作業中のため、英語でコンテンツを表示しています。

💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.

分析待ちCVE-2026-5773

CVE-2026-5773: SMB Connection Reuse in libcurl

プラットフォーム

c

コンポーネント

curl

修正版

8.19.1

NVDで見る
保存
あなたの言語に翻訳中…

CVE-2026-5773 is a vulnerability in libcurl affecting versions 8.12.0 through 8.19.0. This flaw stems from a logical error in the connection reuse mechanism for SMB(S) transfers, potentially causing applications to download incorrect files. The vulnerability was published on May 13, 2026, and a fix is available in version 8.19.1.

影響と攻撃シナリオ翻訳中…

The primary impact of CVE-2026-5773 is the potential for unintended data retrieval. An attacker could craft a malicious SMB(S) request that exploits this connection reuse error, causing an application using libcurl to download a file different from what was intended. This could lead to data corruption, unauthorized access to sensitive information, or even the execution of malicious code if the downloaded file is an executable. The blast radius depends on the application using libcurl; a widely used application could expose a large number of systems to this risk. While not directly exploitable for remote code execution, the misdirection of file downloads presents a significant operational and security concern.

悪用の状況翻訳中…

The vulnerability is currently not listed on KEV or EPSS, indicating a low to medium probability of exploitation. Public proof-of-concept (POC) code is not yet available. Given the nature of the vulnerability (misdirection of file downloads), active exploitation campaigns are not currently known, but the potential for abuse exists. Refer to the libcurl security advisory for further details.

脅威インテリジェンス

エクスプロイト状況

概念実証不明
CISA KEVNO
レポート1 脅威レポート

EPSS

0.02% (5% パーセンタイル)

影響を受けるソフトウェア

コンポーネントcurl
ベンダーcurl
最小バージョン8.12.0
最大バージョン8.19.0
修正版8.19.1

弱点分類 (CWE)

CWE-488

タイムライン

  1. 予約済み
  2. 公開日
  3. EPSS 更新日

緩和策と回避策翻訳中…

The recommended mitigation for CVE-2026-5773 is to upgrade to libcurl version 8.19.1 or later. If an immediate upgrade is not feasible due to compatibility issues or system downtime constraints, consider implementing temporary workarounds. These might involve disabling SMB(S) connection reuse within the application (if possible) or carefully validating the file paths and shares used in SMB(S) transfers. Network firewalls and intrusion detection systems should be configured to monitor for unusual SMB(S) traffic patterns. After upgrading, confirm the fix by performing a test SMB(S) transfer and verifying that the correct file is downloaded.

修正方法翻訳中…

Actualice a la versión 8.19.1 o posterior de libcurl para evitar la reutilización incorrecta de conexiones SMB. Esta vulnerabilidad permite la descarga o carga de archivos incorrectos, por lo que es crucial aplicar la actualización lo antes posible para proteger sus datos.

よくある質問翻訳中…

What is CVE-2026-5773 — SMB Connection Reuse in libcurl?

CVE-2026-5773 is a vulnerability in libcurl versions 8.12.0–8.19.0 where SMB(S) transfers might reuse the wrong connection, potentially leading to unintended file downloads. Severity is pending evaluation.

Am I affected by CVE-2026-5773 in libcurl?

If you are using libcurl versions 8.12.0 through 8.19.0 and perform SMB(S) file transfers, you are potentially affected by this vulnerability. Check your libcurl version using 'curl --version'.

How do I fix CVE-2026-5773 in libcurl?

Upgrade to libcurl version 8.19.1 or later to resolve the vulnerability. If immediate upgrade is not possible, consider temporary workarounds like disabling SMB(S) connection reuse or validating file paths.

Is CVE-2026-5773 being actively exploited?

Currently, there are no known active exploitation campaigns targeting CVE-2026-5773. However, the potential for abuse exists, and monitoring is recommended.

Where can I find the official libcurl advisory for CVE-2026-5773?

Refer to the official libcurl security advisory for detailed information and updates regarding CVE-2026-5773. (Link to advisory would be placed here if available).

あなたのプロジェクトは影響を受けていますか?

依存関係ファイルをアップロードすれば、このCVEや他のCVEがあなたに影響するか即座にわかります。

無料スキャンCVEを検索
scanZone.liveBadgescanZone.eyebrow

今すぐ試す — アカウント不要

Upload any manifest (composer.lock, package-lock.json, WordPress plugin list…) or paste your component list. You get a vulnerability report instantly. Uploading a file is just the start: with an account you get continuous monitoring, Slack/email alerts, multi-project and white-label reports.

手動スキャンSlack/メールアラートContinuous monitoringホワイトラベルレポート

依存関係ファイルをドラッグ&ドロップ

composer.lock、package-lock.json、requirements.txt、Gemfile.lock、pubspec.lock、Dockerfile...

CVE-2026-5773 — Vulnerability Details | NextGuard