Description
A flaw was found in libcurl. An application using libcurl that performs an authenticated HTTP(S) request after a Negotiate-authenticated one to the same host may incorrectly reuse the previous connection. This authentication bypass vulnerability allows the second request to be sent over a connection authenticated with different credentials, potentially leading to unauthorized access or information disclosure.
Published: n/a
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An application that uses libcurl for authenticated HTTP(S) requests may incorrectly reuse a connection established with Negotiate authentication. This weakness, identified as CWE-488, allows a second request to a host to be sent over the same connection that was authenticated with different credentials, effectively bypassing authentication. The primary consequence is that an attacker could access resources or information that should be restricted to another user.

Affected Systems

Any software linked against libcurl and performing Negotiate‑authenticated calls to the same host is potentially vulnerable. No specific vendor, product, or version information has been disclosed, so the risk applies broadly to libcurl‑based applications that reuse connections across authentication contexts.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. The attack vector is inferred to be remote; an attacker could manipulate the target application’s HTTP requests or control the destination host to trigger the flawed reuse. The lack of an exploit probability score and KEV status means the likelihood of exploitation remains uncertain, but the impact of an successful bypass warrants timely remediation.

Generated by OpenCVE AI on May 2, 2026 at 09:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest libcurl release that includes the fix for CVE‑2026‑5545
  • If patching is not immediately possible, modify the application to disable connection reuse for requests that perform Negotiate authentication, ensuring each request establishes a fresh connection
  • Implement a runtime check that verifies authentication state before sending a request or review and enforce proper authentication context handling to prevent unauthorized credential reuse

Generated by OpenCVE AI on May 2, 2026 at 09:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 01 May 2026 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Curl
Curl libcurl
Vendors & Products Curl
Curl libcurl

Fri, 01 May 2026 00:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in libcurl. An application using libcurl that performs an authenticated HTTP(S) request after a Negotiate-authenticated one to the same host may incorrectly reuse the previous connection. This authentication bypass vulnerability allows the second request to be sent over a connection authenticated with different credentials, potentially leading to unauthorized access or information disclosure.
Title curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse
Weaknesses CWE-488
References
Metrics threat_severity

None

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}

threat_severity

Moderate

Subscriptions

Curl Libcurl
cve-icon MITRE

No data.

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-29T00:00:00Z

Links: CVE-2026-5545 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T10:00:06Z

Weaknesses