PT-2026-35892 · Curl+2 · Libcurl+2
Stefan Eissing · Published 2026-04-29 · Updated 2026-06-05 · CVE-2026-5545
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions
libcurl (affected versions not specified)
Description
A logical error in the connection pooling mechanism allows libcurl to reuse an incorrect connection during authenticated HTTP(S) requests to the same host. If an application first performs a request using Negotiate authentication with one set of credentials and subsequently attempts another request to the same server with different credentials while the initial connection is still active, the second request may wrongly reuse the existing connection. This results in the second request being sent over a connection still authenticated with the first user's credentials.
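The reuse decision described above, as an added example: a simplified model written for this page, not libcurl's source and not code from the advisory. All struct, field and function names and the sample host and users are hypothetical; it contrasts a pool match that compares only the endpoint with one that also compares the identity a connection was authenticated as.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model; all names are hypothetical, not libcurl internals. */
struct conn {
    const char *host; int port;
    bool alive;            /* still open in the pool */
    bool conn_bound_auth;  /* auth state lives on the connection (Negotiate) */
    const char *auth_user; /* identity the connection authenticated as */
};
struct request { const char *host; int port; const char *user; };

/* Flawed check: compares the endpoint only, so identity is ignored. */
static bool match_endpoint_only(const struct conn *c, const struct request *r)
{
    return c->alive && c->port == r->port && strcmp(c->host, r->host) == 0;
}

/* Corrected check: connection-bound auth is reusable only by the same identity. */
static bool match_with_identity(const struct conn *c, const struct request *r)
{
    if (!match_endpoint_only(c, r)) return false;
    if (!c->conn_bound_auth) return true;
    return c->auth_user && r->user && strcmp(c->auth_user, r->user) == 0;
}

typedef bool (*match_fn)(const struct conn *, const struct request *);

/* Index of a reusable pooled connection, or -1 to open a new one. */
static int pick_conn(const struct conn *pool, int n,
                     const struct request *r, match_fn match)
{
    for (int i = 0; i < n; i++)
        if (match(&pool[i], r)) return i;
    return -1;
}

/* Constructed sample: one live connection authenticated as "alice". */
static const struct conn sample_pool[] = {
    { "intranet.example", 443, true, true, "alice" },
};

int main(void)
{
    struct request bob = { "intranet.example", 443, "bob" };
    printf("endpoint-only: %d\n", pick_conn(sample_pool, 1, &bob, match_endpoint_only));
    printf("with identity: %d\n", pick_conn(sample_pool, 1, &bob, match_with_identity));
    return 0;
}
```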
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Insufficient Session Expiration
Related Identifiers
Affected Products
Linuxmint
Ubuntu
Libcurl