CVE-2026-8286
ADVISORY - debianSummary
A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not.
- curl 8.21.0~rc2-1 [trixie] - curl (Minor issue) [bookworm] - curl (Minor issue; STARTTLS connection reuse config mismatch) [bullseye] - curl (Minor issue; STARTTLS connection reuse config mismatch) https://curl.se/docs/CVE-2026-8286.html Introduced with: https://github.com/curl/curl/commit/a1701eea289fe7ea80651f801cf992838a491dde (curl-7_30_0) Fixed by: https://github.com/curl/curl/commit/a86efdd7ca5433de9231e650f18247de8319ad16 (rc-8_21_0-1, curl-8_21_0)
EPSS Score: 0.0052 (0.405)
Common Weakness Enumeration (CWE)
Alpine
CREATED
UPDATED
ADVISORY IDCVE-2026-8286
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Debian
CREATED
UPDATED
ADVISORY IDCVE-2026-8286
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-8286
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/Alowminimos
CREATED
UPDATED
ADVISORY ID
MINI-w84q-85p5-c5rw
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-xj27-23fq-g3jr
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-