CVE-2026-8286
No CVSS score published
Source data as of:
At a glance
- Severity
- No CVSS score published
- CVSS
- No CVSS score in the NVD record
- EPSS
- EPSS not provided by FIRST.org for this CVE
- CISA KEV
- No
- Published
- 2026-07-03 · Modified: 2026-07-03
- References
- Jump to references (3)
CVSS / EPSS / KEV
Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources
Description
A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not.
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.
- Reference https://curl.se/docs/CVE-2026-8286.html
- Reference https://curl.se/docs/CVE-2026-8286.json
- Reference https://hackerone.com/reports/3718195