Medium severity 5.9 · NVD Advisory · Published May 13, 2026 · Updated May 14, 2026
CVE-2026-4873
Description
A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear text (via IMAP, SMTP, or POP3), a subsequent request to that same host bypasses the TLS requirement and instead transmits data unencrypted.
Affected products (9)
- osv-coords, 7 versions (< 8.14.1-160000.6.1 + 6 more):
  - pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2016.0
  - pkg:rpm/opensuse/curl&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
  - pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
  - pkg:rpm/suse/curl&distro=SUSE%20Linux%20Micro%206.2
  - pkg:rpm/suse/curl-mini&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
  - pkg:rpm/suse/curl-mini&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
- (no CPE) range: < 8.14.1-160000.6.1
- (no CPE) range: < 8.20.0-1.1
- (no CPE) range: < 8.14.1-160000.6.1
- (no CPE) range: < 8.14.1-160000.6.1
- (no CPE) range: < 8.14.1-160000.6.1
- (no CPE) range: < 8.14.1-160000.6.1
- (no CPE) range: < 8.14.1-160000.6.1
References (4)
- www.openwall.com/lists/oss-security/2026/04/29/7 (nvd: Mailing List, Patch, Third Party Advisory)
- curl.se/docs/CVE-2026-4873.html (nvd: Patch, Vendor Advisory)
- hackerone.com/reports/3621851 (nvd: Exploit, Issue Tracking, Third Party Advisory)
- curl.se/docs/CVE-2026-4873.json (nvd: Vendor Advisory)