Detections
Analytics
EulerOS Virtualization 2.12.1 : curl (EulerOS-SA-2026-2072)
medium Nessus Plugin ID 319393
Synopsis
The remote EulerOS Virtualization host is missing multiple security updates.Description
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request.libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.When reusing a connection a range of criterion must first be met.
Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. One underlying reason being that Negotiate sometimes authenticates *connections* and not *requests*, contrary to how HTTP is designed to work.An application that allows Negotiate authentication to a server (that responds wanting Negotiate) with `user1:password1` and then does another operation to the same server also using Negotiate but with `user2:password2` (while the previous connection is still alive) - the second request wrongly reused the same connection and since it then sees that the Negotiate negotiation is already made, it just sends the request over that connection thinking it uses the user2 credentials when it is in fact still using the connection authenticated for user1...The set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.Applications can disable libcurl's reuse of connections and thus mitigate this problem, by using one of the following libcurl options to alter how connections are or are not reused: `CURLOPT_FRESH_CONNECT`,`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the curl_multi API).(CVE-2026-1965)
curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy.The proper behavior is to create or use a separate connection.(CVE-2026-3784)
When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances.If the hostname that the first request is redirected to has information in the used .netrc file, with either of the `machine` or `default` keywords, curl would pass on the bearer token set for the first host also to the second one.(CVE-2026-3783)
Tenable has extracted the preceding description block directly from the EulerOS Virtualization curl security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected curl packages.See Also
Plugin Details
Severity: Medium
ID: 319393
File Name: EulerOS_SA-2026-2072.nasl
Version: 1.1
Type: Local
Family: Huawei Local Security Checks
Published: 6/6/2026
Updated: 6/6/2026
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:N
CVSS Score Source: CVE-2026-1965
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2026-3784
Vulnerability Information
CPE: cpe:/o:huawei:euleros:uvp:2.12.1, p-cpe:/a:huawei:euleros:curl, p-cpe:/a:huawei:euleros:libcurl
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/2/2026
Vulnerability Publication Date: 3/11/2026