Vulnerability in Curl

CVE-2026-8932

libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to r…

Affected products

  • Curl — versions 8.20.0, 8.19.0, 8.18.0

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2026-8932?
CVE-2026-8932 is a vulnerability in Curl, classified under CWE-305 AUTHENTICATION BYPASS BY PRIMARY WEAKNESS. Published 2026-07-03.
Is CVE-2026-8932 known to be exploited?
1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.