Curl · Libcurl · CVE-2026-5773
**Name of the Vulnerable Software and Affected Versions**
libcurl (affected versions not specified)
**Description**
A logical error in the connection pooling mechanism may cause libcurl to reuse an incorrect connection for SMB(S) transfers. When reusing a connection, specific criteria must be met; however, a request could wrongfully reuse an existing SMB connection to the same server that utilized a different share than the subsequent transfer requires. This may result in downloading the wrong file or uploading a file to an incorrect location, provided the same credentials and server name are used.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.