Home / Vulnerability Intelligence / CVE-2026-5773

CVE-2026-5773 - Vulnerability Analysis

HighCVSS: 7.5

Last Updated: May 13, 2026

libcurl - File Misplacement via SMB Connection Reuse

Published: May 13, 2026Updated: May 13, 2026PoC AvailableRemote Exploitable

Overview

libcurl contains a file misplacement vulnerability caused by a logical error in connection reuse for SMB(S) transfers, letting attackers cause file download or upload to wrong locations, exploit requires same server and credentials.

Severity & Score

Severity: High

CVSS Score: 7.5

Impact

Attackers can cause files to be downloaded or uploaded to incorrect locations, potentially leading to data loss or leakage.

Mitigation

Update to the latest libcurl version with the fix.

References

https://curl.se/docs/CVE-2026-5773.html
https://curl.se/docs/CVE-2026-5773.json
https://hackerone.com/reports/3650689
http://www.openwall.com/lists/oss-security/2026/04/29/9

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-5773
Severity: High
CVSS Score: 7.5
Type: undefined
Status: confirmed

CWE

CWE-918

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N