CVE-2026-5773

Name of the Vulnerable Software and Affected Versions libcurl (affected versions not specified)

Description A logical error in the connection pooling mechanism may cause libcurl to reuse an incorrect connection for SMB(S) transfers. When reusing a connection, specific criteria must be met; however, a request could wrongfully reuse an existing SMB connection to the same server that utilized a different share than the subsequent transfer requires. This may result in downloading the wrong file or uploading a file to an incorrect location, provided the same credentials and server name are used.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.