{ "threat_severity" : "Moderate", "public_date" : "2026-04-29T00:00:00Z", "bugzilla" : { "description" : "curl: curl: Information disclosure due to incorrect TLS connection reuse", "id" : "2461200", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2461200" }, "cvss3" : { "cvss3_base_score" : "5.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "status" : "verified" }, "cwe" : "CWE-319", "details" : [ "A flaw was found in curl. A remote attacker could exploit this by initiating an unencrypted connection (via IMAP, SMTP, or POP3) and then making a subsequent request to the same host that requires Transport Layer Security (TLS). Due to incorrect connection reuse, the subsequent request would bypass the TLS requirement, leading to the transmission of sensitive information in cleartext. This vulnerability, categorized as Cleartext Transmission of Sensitive Information (CWE-319), results in information disclosure." ], "statement" : "Moderate: This flaw in curl allows for information disclosure when an unencrypted connection is incorrectly reused for a subsequent request that expects TLS. This can lead to the cleartext transmission of sensitive data, potentially affecting Red Hat products that utilize curl for IMAP, SMTP, or POP3 connections where connection reuse is enabled.", "affected_release" : [ { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-05-02T00:00:00Z", "advisory" : "RHSA-2026:12916", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "curl-main-8.20.0-0.1.hum1" } ], "package_state" : [ { "product_name" : "Confidential Compute Attestation", "fix_state" : "Fix deferred", "package_name" : "build-of-trustee/trustee-rhel9", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Confidential Compute Attestation", "fix_state" : "Fix deferred", "package_name" : "confidential-compute-attestation-tech-preview/trustee-rhel9", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Confidential Compute Attestation", "fix_state" : "Fix deferred", "package_name" : "openshift-sandboxed-containers/osc-operator-bundle", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Confidential Compute Attestation", "fix_state" : "Fix deferred", "package_name" : "openshift-sandboxed-containers/osc-podvm-builder-rhel9", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Confidential Compute Attestation", "fix_state" : "Fix deferred", "package_name" : "openshift-sandboxed-containers/osc-podvm-payload-rhel9", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Confidential Compute Attestation", "fix_state" : "Fix deferred", "package_name" : "openshift-sandboxed-containers/osc-rhel9-operator", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/cluster-logging-operator-bundle", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/cluster-logging-rhel9-operator", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/eventrouter-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/fluentd-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/log-file-metric-exporter-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/logging-view-plugin-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/vector-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "curl", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "rust", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "s390utils", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "snphost", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "trustee", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "trustee-guest-components", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Fix deferred", "package_name" : "curl", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "curl", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "curl", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "curl", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "rust", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "snphost", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "trustee-guest-components", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Fix deferred", "package_name" : "rust", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Hardened Images", "fix_state" : "Not affected", "package_name" : "rust", "cpe" : "cpe:/a:redhat:hummingbird:1" }, { "product_name" : "Red Hat JBoss Core Services", "fix_state" : "Fix deferred", "package_name" : "curl", "cpe" : "cpe:/a:redhat:jboss_core_services:1" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "rhcos", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Fix deferred", "package_name" : "devspaces/code-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat Trusted Profile Analyzer", "fix_state" : "Fix deferred", "package_name" : "rhtpa/rhtpa-trustification-service-rhel9", "cpe" : "cpe:/a:redhat:trusted_profile_analyzer:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-4873\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4873\nhttps://curl.se/docs/CVE-2026-4873.html" ], "name" : "CVE-2026-4873", "mitigation" : { "value" : "To mitigate this issue, avoid using clear-text IMAP, POP3, or SMTP transfers with curl. Ensure that all connections for these protocols are initiated with TLS from the outset to prevent the reuse of unencrypted connections.", "lang" : "en:us" }, "csaw" : false }