Connection Reuse Vulnerability in libcurl Affects Multiple Applications
CVE-2026-8458

Currently unrated

Key Information:

Vendor

Curl

Status
Vendor
CVE Published:
3 July 2026

What is CVE-2026-8458?

A logical error in libcurl may lead to the improper reuse of connections in specific scenarios involving Negotiate authentication. This bug allows applications to mistakenly use a previously established connection intended for a different service, possibly compromising security. Implementing proper checks for connection criteria is critical to avoid potential exploitation of this vulnerability.

Affected Version(s)

curl 8.20.0

curl 8.19.0

curl 8.18.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Muhamad Arga Reksapati
Stefan Eissing
.