Esta página ainda não foi traduzida para o seu idioma. Exibindo conteúdo em inglês enquanto trabalhamos nisso.
💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.
CVE-2026-5773: SMB Connection Reuse in libcurl
Plataforma
c
Componente
curl
Corrigido em
8.19.1
CVE-2026-5773 is a vulnerability in libcurl affecting versions 8.12.0 through 8.19.0. This flaw stems from a logical error in the connection reuse mechanism for SMB(S) transfers, potentially causing applications to download incorrect files. The vulnerability was published on May 13, 2026, and a fix is available in version 8.19.1.
Impacto e Cenários de Ataquetraduzindo…
The primary impact of CVE-2026-5773 is the potential for unintended data retrieval. An attacker could craft a malicious SMB(S) request that exploits this connection reuse error, causing an application using libcurl to download a file different from what was intended. This could lead to data corruption, unauthorized access to sensitive information, or even the execution of malicious code if the downloaded file is an executable. The blast radius depends on the application using libcurl; a widely used application could expose a large number of systems to this risk. While not directly exploitable for remote code execution, the misdirection of file downloads presents a significant operational and security concern.
Contexto de Exploraçãotraduzindo…
The vulnerability is currently not listed on KEV or EPSS, indicating a low to medium probability of exploitation. Public proof-of-concept (POC) code is not yet available. Given the nature of the vulnerability (misdirection of file downloads), active exploitation campaigns are not currently known, but the potential for abuse exists. Refer to the libcurl security advisory for further details.
Inteligência de Ameaças
Status do Exploit
EPSS
0.02% (percentil 5%)
Software Afetado
Classificação de Fraqueza (CWE)
Linha do tempo
- Reservado
- Publicada
- EPSS atualizado
Mitigação e Soluções Alternativastraduzindo…
The recommended mitigation for CVE-2026-5773 is to upgrade to libcurl version 8.19.1 or later. If an immediate upgrade is not feasible due to compatibility issues or system downtime constraints, consider implementing temporary workarounds. These might involve disabling SMB(S) connection reuse within the application (if possible) or carefully validating the file paths and shares used in SMB(S) transfers. Network firewalls and intrusion detection systems should be configured to monitor for unusual SMB(S) traffic patterns. After upgrading, confirm the fix by performing a test SMB(S) transfer and verifying that the correct file is downloaded.
Como corrigirtraduzindo…
Actualice a la versión 8.19.1 o posterior de libcurl para evitar la reutilización incorrecta de conexiones SMB. Esta vulnerabilidad permite la descarga o carga de archivos incorrectos, por lo que es crucial aplicar la actualización lo antes posible para proteger sus datos.
Perguntas frequentestraduzindo…
What is CVE-2026-5773 — SMB Connection Reuse in libcurl?
CVE-2026-5773 is a vulnerability in libcurl versions 8.12.0–8.19.0 where SMB(S) transfers might reuse the wrong connection, potentially leading to unintended file downloads. Severity is pending evaluation.
Am I affected by CVE-2026-5773 in libcurl?
If you are using libcurl versions 8.12.0 through 8.19.0 and perform SMB(S) file transfers, you are potentially affected by this vulnerability. Check your libcurl version using 'curl --version'.
How do I fix CVE-2026-5773 in libcurl?
Upgrade to libcurl version 8.19.1 or later to resolve the vulnerability. If immediate upgrade is not possible, consider temporary workarounds like disabling SMB(S) connection reuse or validating file paths.
Is CVE-2026-5773 being actively exploited?
Currently, there are no known active exploitation campaigns targeting CVE-2026-5773. However, the potential for abuse exists, and monitoring is recommended.
Where can I find the official libcurl advisory for CVE-2026-5773?
Refer to the official libcurl security advisory for detailed information and updates regarding CVE-2026-5773. (Link to advisory would be placed here if available).
Seu projeto está afetado?
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Experimente agora — sem conta
Faça upload de qualquer manifesto (composer.lock, package-lock.json, lista de plugins WordPress…) ou cole sua lista de componentes. Receba um relatório de vulnerabilidades instantaneamente. Fazer upload de um arquivo é só o começo: com uma conta, você obtém monitoramento contínuo, alertas por Slack/email, relatórios multiprojeto e white-label.
Arraste e solte seu arquivo de dependências
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...