Dark C0d3rs
HackerOne Disclosed Reports - 2026-04-29




HackerOne disclosed reports - 2026-04-29 - hashXploiter - 04-30-2026

Medium
resolved

CVE-2026-7168: cross-proxy Digest auth state leak


Bug reported by kilua was disclosed at April 29, 2026, 7:15 am   |   Exposure of Data Element to Wrong Session


Medium
resolved

CVE-2026-7009: OCSP stapling bypass with Apple SecTrust


Bug reported by Carlos Carrillo Boj was disclosed at April 29, 2026, 7:15 am   |   Improper Certificate Validation


Medium
resolved

CVE-2026-6253: proxy credentials leak over redirect-to proxy


Bug reported by Dwij Mehta was disclosed at April 29, 2026, 7:15 am


Medium
resolved

CVE-2026-5545: wrong reuse of HTTP Negotiate connection


Bug reported by quaccws was disclosed at April 29, 2026, 7:15 am   |   Authentication Bypass by Primary Weakness


Low
resolved

CVE-2026-6276: stale custom cookie host causes cookie leak


Bug reported by areksa was disclosed at April 29, 2026, 7:14 am   |   Exposure of Data Element to Wrong Session


Medium
resolved

CVE-2026-6429: netrc credential leak with reused proxy connection


Bug reported by pesudonmy was disclosed at April 29, 2026, 7:14 am   |   Information Exposure Through Sent Data


Low
resolved

CVE-2026-4873: connection reuse ignores TLS requirement


Bug reported by Arkadi Vainbrand was disclosed at April 29, 2026, 6:47 am   |   Cleartext Transmission of Sensitive Information

A vulnerability was discovered in libcurl's connection reuse for cleartext-upgrade mail protocols. The later transfer's CURLOPT_USE_SSL option was not properly taken into account if a plaintext connection was already open and reusable. This affected the smtp://, pop3://, and imap:// protocols. As a result, a later TLS-required mail transfer could be sent over a previously established plaintext connection, contrary to expectation.


Low
resolved

CVE-2026-5773: wrong reuse of SMB connection


Bug reported by Osama Hamad was disclosed at April 29, 2026, 6:11 am

A vulnerability was discovered in curl version 8.19.0 and earlier versions that support SMB. The vulnerability was due to the incorrect reuse of SMB connections across different shares on the same server. This led to data spoofing and access control bypass. The issue was caused by the lack of verification of the target share name when reusing an existing connection. As a result, the application could silently fetch data from an unintended share.


Medium
resolved

PS4 BD-J privilege escalation using nested JAR


Bug reported by was disclosed at April 29, 2026, 5:09 am   |   Privilege Escalation

A privilege escalation vulnerability using nested JAR files was discovered in Blu-ray Disc Java (BD-J) on the PS4. The vulnerability was found in PS4 system software versions 13.00 to the latest version 13.02. It was caused by a discrepancy between the security policy's path canonicalization and the actual class loading path. The security policy granted AllPermission to code that appeared to be loaded from a trusted directory, while the actual code was loaded from an untrusted nested JAR on the Blu-ray disc. This resulted in a Time-of-Check/Time-of-Use (TOCTOU) vulnerability that allowed untrusted code to obtain AllPermission.