CVE Vulnerabilities

CVE-2026-8286

Improper Certificate Validation

Published: Jul 03, 2026 | Modified: Jul 07, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
8.1 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Ubuntu
LOW
root.io logo minimus.io logo echo.ai logo

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

NameVendorStart VersionEnd Version
CurlHaxx7.30.0 (including)8.21.0 (excluding)
Red Hat Hardened ImagesRedHatrust-main-1.96.1-1.hum1*
CurlUbuntudevel*
CurlUbuntuesm-infra-legacy/trusty*
CurlUbuntuesm-infra-legacy/xenial*
CurlUbuntuesm-infra/bionic*
CurlUbuntuesm-infra/focal*
CurlUbuntujammy*
CurlUbuntunoble*
CurlUbuntuquesting*
CurlUbunturesolute*
CurlUbuntuupstream*

Potential Mitigations

References