resolved
CVE-2026-7168: cross-proxy Digest auth state leak
Bug reported by kilua was disclosed on April 29, 2026, at 7:15 am | Exposure of Data Element to Wrong Session
resolved
CVE-2026-7009: OCSP stapling bypass with Apple SecTrust
Bug reported by Carlos Carrillo Boj was disclosed on April 29, 2026, at 7:15 am | Improper Certificate Validation
resolved
CVE-2026-6253: proxy credentials leak over redirect-to proxy
Bug reported by Dwij Mehta was disclosed on April 29, 2026, at 7:15 am
resolved
CVE-2026-5545: wrong reuse of HTTP Negotiate connection
Bug reported by quaccws was disclosed on April 29, 2026, at 7:15 am | Authentication Bypass by Primary Weakness
resolved
CVE-2026-6276: stale custom cookie host causes cookie leak
Bug reported by areksa was disclosed on April 29, 2026, at 7:14 am | Exposure of Data Element to Wrong Session
resolved
CVE-2026-6429: netrc credential leak with reused proxy connection
Bug reported by pesudonmy was disclosed on April 29, 2026, at 7:14 am | Information Exposure Through Sent Data
resolved
CVE-2026-4873: connection reuse ignores TLS requirement
Bug reported by Arkadi Vainbrand was disclosed on April 29, 2026, at 6:47 am | Cleartext Transmission of Sensitive Information
A vulnerability was discovered in libcurl's connection reuse for mail protocols that upgrade from cleartext to TLS. When a plaintext connection was already open and reusable, the later transfer's CURLOPT_USE_SSL setting was not taken into account when matching it for reuse. This affected the smtp://, pop3://, and imap:// protocols. As a result, a later mail transfer that required TLS could be sent over a previously established plaintext connection, contrary to the caller's expectation.
resolved
CVE-2026-5773: wrong reuse of SMB connection
Bug reported by Osama Hamad was disclosed on April 29, 2026, at 6:11 am
A vulnerability was discovered in curl version 8.19.0 and earlier versions built with SMB support. The vulnerability was due to the incorrect reuse of SMB connections across different shares on the same server: the target share name was not verified when an existing connection was reused. This allowed data spoofing and access control bypass, because the application could silently fetch data from an unintended share.
resolved
PS4 BD-J privilege escalation using nested JAR
Bug reported by was disclosed on April 29, 2026, at 5:09 am | Privilege Escalation
A privilege escalation vulnerability was discovered in the PS4's Blu-ray Disc Java (BD-J) implementation, triggered using nested JAR files. It affects PS4 system software versions 13.00 through 13.02, the latest version at the time of disclosure. The vulnerability was caused by a discrepancy between the security policy's path canonicalization and the path actually used for class loading. The security policy granted AllPermission to code that appeared to be loaded from a trusted directory, while the code was in fact loaded from an untrusted nested JAR on the Blu-ray disc. This Time-of-Check/Time-of-Use (TOCTOU) mismatch allowed untrusted code to obtain AllPermission.