Vulnerability in Curl

CVE-2026-8286

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configurations do not match, in which case the connection should not be reused.
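A simplified model of the reuse decision described above, added here as an illustration and not taken from curl's source; the struct fields, function names and the host `mail.example.test` are assumptions. It contrasts a pool match on endpoint only with one that also compares the TLS settings the new transfer requests.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model: TLS settings a transfer asks for. */
struct tls_cfg {
    bool verify_peer;
    bool verify_host;
    const char *ca_file;            /* NULL = default trust store */
};

/* A live pooled connection and the settings it was upgraded under. */
struct conn {
    const char *host;
    int port;
    struct tls_cfg tls;
};

bool str_eq(const char *a, const char *b) {
    if (!a || !b) return a == b;    /* equal only if both are NULL */
    return strcmp(a, b) == 0;
}

bool tls_cfg_eq(const struct tls_cfg *a, const struct tls_cfg *b) {
    return a->verify_peer == b->verify_peer &&
           a->verify_host == b->verify_host &&
           str_eq(a->ca_file, b->ca_file);
}

/* Flawed match: endpoint only, so the new transfer silently inherits
   whatever verification the earlier transfer negotiated. */
bool reuse_ok_flawed(const struct conn *c, const char *host, int port,
                     const struct tls_cfg *want) {
    (void)want;
    return c->port == port && str_eq(c->host, host);
}

/* Strict match: reuse only when the TLS settings are identical. */
bool reuse_ok_strict(const struct conn *c, const char *host, int port,
                     const struct tls_cfg *want) {
    return reuse_ok_flawed(c, host, port, want) && tls_cfg_eq(&c->tls, want);
}

int main(void) {
    /* Constructed sample: pooled connection upgraded with verification off. */
    struct conn pooled = { "mail.example.test", 587, { false, false, NULL } };
    struct tls_cfg want = { true, true, "/path/to/ca.pem" };
    printf("flawed reuse: %d\n", reuse_ok_flawed(&pooled, "mail.example.test", 587, &want));
    printf("strict reuse: %d\n", reuse_ok_strict(&pooled, "mail.example.test", 587, &want));
    return 0;
}
```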

Affected products

  • Curl — versions 8.20.0, 8.19.0, 8.18.0

References