Vulnerability in Curl
CVE-2026-8932
libcurl would reuse a previously created connection even when some mTLS config related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to r…
Affected products
- Curl — versions 8.20.0, 8.19.0, 8.18.0
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2026-8932?
- CVE-2026-8932 is a vulnerability in Curl, classified under CWE-305 AUTHENTICATION BYPASS BY PRIMARY WEAKNESS. Published 2026-07-03.
- Is CVE-2026-8932 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.