Gratis scannen
Analyse in behandelingCVE-2026-5773

CVE-2026-5773: SMB Connection Reuse in libcurl

Platform

c

Component

curl

Opgelost in

8.19.1

Bekijk op NVD
Opslaan

CVE-2026-5773 is a vulnerability in libcurl affecting versions 8.12.0 through 8.19.0. This flaw stems from a logical error in the connection reuse mechanism for SMB(S) transfers, potentially causing applications to download incorrect files. The vulnerability was published on May 13, 2026, and a fix is available in version 8.19.1.

Impact en Aanvalsscenarioswordt vertaald…

The primary impact of CVE-2026-5773 is the potential for unintended data retrieval. An attacker could craft a malicious SMB(S) request that exploits this connection reuse error, causing an application using libcurl to download a file different from what was intended. This could lead to data corruption, unauthorized access to sensitive information, or even the execution of malicious code if the downloaded file is an executable. The blast radius depends on the application using libcurl; a widely used application could expose a large number of systems to this risk. While not directly exploitable for remote code execution, the misdirection of file downloads presents a significant operational and security concern.

Uitbuitingscontextwordt vertaald…

The vulnerability is currently not listed on KEV or EPSS, indicating a low to medium probability of exploitation. Public proof-of-concept (POC) code is not yet available. Given the nature of the vulnerability (misdirection of file downloads), active exploitation campaigns are not currently known, but the potential for abuse exists. Refer to the libcurl security advisory for further details.

Dreigingsinformatie

Exploit Status

Proof of ConceptOnbekend
CISA KEVNO
Rapporten1 dreigingsrapport

EPSS

0.02% (5% percentiel)

Getroffen Software

Componentcurl
Leveranciercurl
Minimumversie8.12.0
Maximumversie8.19.0
Opgelost in8.19.1

Zwakheidsclassificatie (CWE)

CWE-488

Tijdlijn

  1. Gereserveerd
  2. Gepubliceerd
  3. EPSS bijgewerkt

Mitigatie en Workaroundswordt vertaald…

The recommended mitigation for CVE-2026-5773 is to upgrade to libcurl version 8.19.1 or later. If an immediate upgrade is not feasible due to compatibility issues or system downtime constraints, consider implementing temporary workarounds. These might involve disabling SMB(S) connection reuse within the application (if possible) or carefully validating the file paths and shares used in SMB(S) transfers. Network firewalls and intrusion detection systems should be configured to monitor for unusual SMB(S) traffic patterns. After upgrading, confirm the fix by performing a test SMB(S) transfer and verifying that the correct file is downloaded.

Hoe te verhelpenwordt vertaald…

Actualice a la versión 8.19.1 o posterior de libcurl para evitar la reutilización incorrecta de conexiones SMB. Esta vulnerabilidad permite la descarga o carga de archivos incorrectos, por lo que es crucial aplicar la actualización lo antes posible para proteger sus datos.

Veelgestelde vragenwordt vertaald…

What is CVE-2026-5773 — SMB Connection Reuse in libcurl?

CVE-2026-5773 is a vulnerability in libcurl versions 8.12.0–8.19.0 where SMB(S) transfers might reuse the wrong connection, potentially leading to unintended file downloads. Severity is pending evaluation.

Am I affected by CVE-2026-5773 in libcurl?

If you are using libcurl versions 8.12.0 through 8.19.0 and perform SMB(S) file transfers, you are potentially affected by this vulnerability. Check your libcurl version using 'curl --version'.

How do I fix CVE-2026-5773 in libcurl?

Upgrade to libcurl version 8.19.1 or later to resolve the vulnerability. If immediate upgrade is not possible, consider temporary workarounds like disabling SMB(S) connection reuse or validating file paths.

Is CVE-2026-5773 being actively exploited?

Currently, there are no known active exploitation campaigns targeting CVE-2026-5773. However, the potential for abuse exists, and monitoring is recommended.

Where can I find the official libcurl advisory for CVE-2026-5773?

Refer to the official libcurl security advisory for detailed information and updates regarding CVE-2026-5773. (Link to advisory would be placed here if available).

Is jouw project getroffen?

Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.

Gratis scannenCVEs zoeken
livefree scan

Probeer het nu — geen account

Upload een manifest (composer.lock, package-lock.json, WordPress pluginlijst…) of plak uw componentenlijst. U ontvangt direct een kwetsbaarheidsrapport. Een bestand uploaden is slechts het begin: met een account krijgt u continue monitoring, Slack/e-mail alerts, multi-project en white-label rapporten.

Manual scanSlack/email alertsscanZone.capMonitorWhite-label reports

Sleep uw afhankelijkheidsbestand hierheen

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...