libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should. This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.

An update of the curl package has been released.

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8227-1 advisory.

    It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS     configurations. A remote attacker could possibly use this issue to obtain sensitive information.
    (CVE-2026-4873)

    It was discovered that curl incorrectly reused certain HTTP Negotiate connections. A remote attacker could     possibly use this issue to obtain sensitive information. (CVE-2026-5545)

    It was discovered that curl incorrectly reused certain SMB connections. A remote attacker could possibly     use this issue to obtain sensitive information. (CVE-2026-5773)

    It was discovered that curl could leak proxy credentials when handling redirects in some configurations. A     remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6253)

    It was discovered that curl could leak cookies because of stale custom cookie host handling in some     requests. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6276)

    It was discovered that curl could leak .netrc credentials when reusing proxy connections in some     situations. A remote attacker could possibly use this issue to obtain sensitive information.
    (CVE-2026-6429)

    It was discovered that curl could leak Digest authentication state when switching proxies in some     situations. A remote attacker could possibly use this issue to obtain sensitive information.
    (CVE-2026-7168)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of curl installed on the remote host is 7.40.0 prior to 8.20.0. It is, therefore, affected by a wrong SMB connection reuse vulnerability:

  - libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. The code     erroneously did not consider the share name as a property to match for connection reuse, so subsequent     SMB transfers could incorrectly reuse connections intended for different shares on the same server.
    This could result in downloading incorrect files or uploading files to unintended locations.
    (CVE-2026-5773)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a     pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.
    When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network     transfer operation that was requested by an application could wrongfully reuse an existing SMB connection     to the same server that was using a different 'share' than the new subsequent transfer should. This could     in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place.
    When this happens, the same credentials are used and the server name is the same. (CVE-2026-5773)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
313013	Photon OS 5.0: Curl PHSA-2026-5.0-0838	Nessus	PhotonOS Local Security Checks	high
313011	Photon OS 4.0: Curl PHSA-2026-4.0-1007	Nessus	PhotonOS Local Security Checks	high
312298	Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : curl vulnerabilities (USN-8227-1)	Nessus	Ubuntu Local Security Checks	high
311423	Curl 7.40.0 < 8.20.0 Wrong SMB Connection Reuse	Nessus	Misc.	high
311011	Linux Distros Unpatched Vulnerability : CVE-2026-5773	Nessus	Misc.	high

Detections

Analytics

CVE-2026-5773

high

Tenable Plugins

high

high

high

high

high