<Vulnerability name="CVE-2026-8932">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Important</ThreatSeverity>
    <PublicDate>2026-07-03T06:16:30</PublicDate>
    <Bugzilla id="2496759" url="https://bugzilla.redhat.com/show_bug.cgi?id=2496759" xml:lang="en:us">
libcurl: libcurl: Security feature bypass due to improper mTLS connection reuse
    </Bugzilla>
    <CVSS3 status="verified">
        <CVSS3BaseScore>7.5</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-1025</CWE>
    <Details xml:lang="en:us" source="Mitre">
libcurl would reuse a previously created connection even when some mTLS config
related option had been changed that should have prohibited reuse.

libcurl keeps previously used connections in a connection pool for subsequent
transfers to reuse if one of them matches the setup. However, some TLS
settings related to client certificates were left out from the configuration
match checks, making them match too easily. In particular options related to
the private key.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in curl. The libcurl library, used for transferring data with URLs, could improperly reuse existing network connections. This occurred even when changes to mutual Transport Layer Security (mTLS) settings, particularly those for client certificates, should have prevented such reuse. This issue could lead to a security feature bypass, where a client might use a connection with an unintended or weaker security configuration, potentially compromising the integrity or confidentiality of data.
    </Details>
    <Statement xml:lang="en:us">
This is an Important security feature bypass in libcurl where mTLS connection reuse may occur despite changes to client certificate settings. This could lead to applications using libcurl with mTLS to inadvertently use a less secure connection than intended, potentially compromising data confidentiality or integrity. This issue primarily affects applications that dynamically alter mTLS client certificate configurations and reuse connections.
    </Statement>
    <Mitigation xml:lang="en:us">
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
    </Mitigation>
    <AffectedRelease cpe="cpe:/a:redhat:hummingbird:1">
        <ProductName>Red Hat Hardened Images</ProductName>
        <ReleaseDate>2026-06-24T00:00:00Z</ReleaseDate>
        <Advisory type="RHSA" url="https://access.redhat.com/errata/RHSA-2026:29017">RHSA-2026:29017</Advisory>
        <Package name="curl-main">curl-main-8.21.0-0.1.hum1</Package>
    </AffectedRelease>
    <AffectedRelease cpe="cpe:/a:redhat:hummingbird:1">
        <ProductName>Red Hat Hardened Images</ProductName>
        <ReleaseDate>2026-07-02T00:00:00Z</ReleaseDate>
        <Advisory type="RHSA" url="https://access.redhat.com/errata/RHSA-2026:34975">RHSA-2026:34975</Advisory>
        <Package name="rust-main">rust-main-1.96.1-1.hum1</Package>
    </AffectedRelease>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>dotnet8.0</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:jboss_core_services:1">
        <ProductName>Red Hat JBoss Core Services</ProductName>
        <FixState>Affected</FixState>
        <PackageName>libcurl-1.dll</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:jboss_core_services:1">
        <ProductName>Red Hat JBoss Core Services</ProductName>
        <FixState>Affected</FixState>
        <PackageName>libcurl.so</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-8932
https://nvd.nist.gov/vuln/detail/CVE-2026-8932
https://curl.se/docs/CVE-2026-8932.html
https://curl.se/docs/CVE-2026-8932.json
https://hackerone.com/reports/3733910
    </References>
</Vulnerability>