CVE-2026-4873

ADVISORY - nist

Summary

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request to that same host bypasses the TLS requirement and instead transmit data unencrypted.

EPSS Score⁠: 0.00018 (0.049)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-295⁠

Improper Certificate Validation

CWE-319⁠

Cleartext Transmission of Sensitive Information

ADVISORY - redhat

CWE-319⁠

Cleartext Transmission of Sensitive Information

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.