此页面尚未翻译为您的语言。我们正在努力翻译,目前显示英文内容。
💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.
CVE-2026-5773 is a vulnerability in libcurl affecting versions 8.12.0 through 8.19.0. This flaw stems from a logical error in the connection reuse mechanism for SMB(S) transfers, potentially causing applications to download incorrect files. The vulnerability was published on May 13, 2026, and a fix is available in version 8.19.1.
影响与攻击场景翻译中…
The primary impact of CVE-2026-5773 is the potential for unintended data retrieval. An attacker could craft a malicious SMB(S) request that exploits this connection reuse error, causing an application using libcurl to download a file different from what was intended. This could lead to data corruption, unauthorized access to sensitive information, or even the execution of malicious code if the downloaded file is an executable. The blast radius depends on the application using libcurl; a widely used application could expose a large number of systems to this risk. While not directly exploitable for remote code execution, the misdirection of file downloads presents a significant operational and security concern.
利用背景翻译中…
The vulnerability is currently not listed on KEV or EPSS, indicating a low to medium probability of exploitation. Public proof-of-concept (POC) code is not yet available. Given the nature of the vulnerability (misdirection of file downloads), active exploitation campaigns are not currently known, but the potential for abuse exists. Refer to the libcurl security advisory for further details.
威胁情报
漏洞利用状态
EPSS
0.02% (5% 百分位)
受影响的软件
弱点分类 (CWE)
时间线
- 已保留
- 发布日期
- EPSS 更新日期
缓解措施和替代方案翻译中…
The recommended mitigation for CVE-2026-5773 is to upgrade to libcurl version 8.19.1 or later. If an immediate upgrade is not feasible due to compatibility issues or system downtime constraints, consider implementing temporary workarounds. These might involve disabling SMB(S) connection reuse within the application (if possible) or carefully validating the file paths and shares used in SMB(S) transfers. Network firewalls and intrusion detection systems should be configured to monitor for unusual SMB(S) traffic patterns. After upgrading, confirm the fix by performing a test SMB(S) transfer and verifying that the correct file is downloaded.
修复方法翻译中…
Actualice a la versión 8.19.1 o posterior de libcurl para evitar la reutilización incorrecta de conexiones SMB. Esta vulnerabilidad permite la descarga o carga de archivos incorrectos, por lo que es crucial aplicar la actualización lo antes posible para proteger sus datos.
常见问题翻译中…
What is CVE-2026-5773 — SMB Connection Reuse in libcurl?
CVE-2026-5773 is a vulnerability in libcurl versions 8.12.0–8.19.0 where SMB(S) transfers might reuse the wrong connection, potentially leading to unintended file downloads. Severity is pending evaluation.
Am I affected by CVE-2026-5773 in libcurl?
If you are using libcurl versions 8.12.0 through 8.19.0 and perform SMB(S) file transfers, you are potentially affected by this vulnerability. Check your libcurl version using 'curl --version'.
How do I fix CVE-2026-5773 in libcurl?
Upgrade to libcurl version 8.19.1 or later to resolve the vulnerability. If immediate upgrade is not possible, consider temporary workarounds like disabling SMB(S) connection reuse or validating file paths.
Is CVE-2026-5773 being actively exploited?
Currently, there are no known active exploitation campaigns targeting CVE-2026-5773. However, the potential for abuse exists, and monitoring is recommended.
Where can I find the official libcurl advisory for CVE-2026-5773?
Refer to the official libcurl security advisory for detailed information and updates regarding CVE-2026-5773. (Link to advisory would be placed here if available).
立即试用 — 无需账户
上传任何清单文件 (composer.lock, package-lock.json, WordPress 插件列表…) 或粘贴您的组件列表。您立即获得一份漏洞报告。上传文件只是开始:拥有账户后,您将获得持续监控、Slack/电子邮件警报、多项目和白标报告。
拖放您的依赖文件
composer.lock、package-lock.json、requirements.txt、Gemfile.lock、pubspec.lock、Dockerfile...