High | Public exploit

Wrong reuse of SMB connection in libcurl

Identifiers: CVE-2026-5773, CWE-488

CVE-2026-5773 is a low-severity logic flaw in libcurl's SMB(S) connection reuse handling. libcurl maintains a pool of recent connections and reuses them when connection properties match. Due to a logical error, an SMB connection to a given server could be reused for a subsequent transfer targeting a different SMB share on the same server, because the share name was not correctly treated as a required reuse discriminator. In affected versions, this can cause an application request to operate over an existing SMB connection associated with the wrong share, resulting in a download of the wrong file or an upload to the wrong location. The issue affects libcurl and the curl command-line tool in versions 7.40.0 through 8.19.0 inclusive and was fixed in 8.20.0 by ensuring SMB connections are never reused.


ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful triggering of the flaw can cause data to be read from or written to the wrong SMB share on the same server while using the same credentials. The practical impact is integrity and confidentiality related: an application may download unintended content instead of the requested file, or upload data to an unintended location. Based on the provided information, this does not provide code execution or privilege escalation by itself; the primary consequence is cross-share misdirection of file operations within the same authenticated SMB session context.

Mitigation

If you can’t patch tonight, do this now.

Avoid using SMB(S) transfers with affected libcurl versions until patched. Where operationally feasible, disable or do not compile in SMB support; the provided content notes SMB support became opt-in starting with 8.20.0 and is planned for removal later in 2026. As a compensating control, reduce reliance on connection reuse for SMB workflows if possible and validate transfer destinations and retrieved content when interacting with SMB shares on the same server.

Remediation

Patch, then assume compromise.

Upgrade curl/libcurl to version 8.20.0 or later, where the issue is fixed by disabling SMB connection reuse. If immediate upgrade is not possible, apply the upstream patch associated with commit 74a169575d6412d and rebuild libcurl. Verify that deployed applications and bundled libcurl copies are updated, as libcurl may be an indirect dependency.
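
One way to carry out the verification step above is to classify each build from the text that `curl --version` prints. This is an added example, not code from curl or from this page; the function names are hypothetical, the sample outputs are constructed, and it assumes the usual `libcurl/X.Y.Z` token and `Protocols:` line in that output.

```python
import re

# Affected range as stated in the advisory text: 7.40.0 through 8.19.0 inclusive.
FIRST_AFFECTED = (7, 40, 0)
LAST_AFFECTED = (8, 19, 0)
SMB_SCHEMES = {"smb", "smbs"}

# Constructed samples shaped like `curl --version` output (not captured from real hosts).
SAMPLE_EXPOSED = (
    "curl 8.5.0 (x86_64-pc-linux-gnu) libcurl/8.5.0 OpenSSL/3.0.13 zlib/1.3\n"
    "Protocols: dict file ftp ftps http https smb smbs smtp\n")
SAMPLE_NO_SMB = (
    "curl 8.19.0 (x86_64-pc-linux-gnu) libcurl/8.19.0 OpenSSL/3.0.13\n"
    "Protocols: file ftp ftps http https\n")
SAMPLE_FIXED = (
    "curl 8.20.0 (x86_64-pc-linux-gnu) libcurl/8.20.0 OpenSSL/3.0.13\n"
    "Protocols: file http https smb smbs\n")


def parse_curl_version(output):
    """Return (libcurl version tuple, set of protocol names) from the text."""
    # Use the libcurl token, not the tool version: the two can differ when
    # the curl binary is linked against a separately installed library.
    m = re.search(r"libcurl/(\d+)\.(\d+)\.(\d+)", output)
    if not m:
        raise ValueError("no libcurl/X.Y.Z token found")
    version = tuple(int(part) for part in m.groups())
    protocols = set()
    for line in output.splitlines():
        if line.lower().startswith("protocols:"):
            protocols = set(line.split(":", 1)[1].lower().split())
    return version, protocols


def assess(output):
    """Return 'exposed', 'affected-version-no-smb' or 'not-affected'."""
    version, protocols = parse_curl_version(output)
    if not (FIRST_AFFECTED <= version <= LAST_AFFECTED):
        return "not-affected"
    # In the affected range the flaw is only reachable if SMB(S) is compiled in.
    return "exposed" if protocols & SMB_SCHEMES else "affected-version-no-smb"


if __name__ == "__main__":
    for name in ("SAMPLE_EXPOSED", "SAMPLE_NO_SMB", "SAMPLE_FIXED"):
        print(name, "->", assess(globals()[name]))
```

Applications that bundle their own libcurl do not show up in the system `curl --version`, so each bundled copy needs the same check against its own reported version.
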
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

Vendor | Product | Type
Haxx | Curl | application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
