Ctrl + K
/ news / CVE
CVEPublished 2026-05-13Modified 2026-05-130 articles on news5 live referencesNVD data

CVE-2026-5545Haxx · Curl

Vulnerability data via NVD (ingested)

CVSS v3.1
6.5
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS percentile
Weaknesses (CWE)
CWE-613Insufficient Session Expiration
Description

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. An application that first uses Negotiate authentication to a server with `user1:password1` and then does another operation to the same server asking for any authentication method but for `user2:password2` (while the previous connection is still alive) - the second request gets confused and wrongly reuses the same connection and sends the new request over that connection thinking it uses a mix of user1's and user2's credentials when it is in fact still using the connection authenticated for user1...

Timeline
Published 2026-05-13
Modified 2026-05-13

External references

NVDMITREExploit-DBSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-5545
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product
product:"Haxx Curl"
All exposed Haxx Curl instances — cross-reference with the CVE's affected-version range.
Shodan · banner/body mention
http.html:"Curl"
HTTP body or banner mentions "Curl" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2026-5545
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-5545
Censys host search filtered to this CVE id.
grep.app
CVE-2026-5545
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-5545
GitHub code search for direct mentions.
Google dork
"CVE-2026-5545" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (6)

CVE-2026-55456 repos
fran-olivares/usulnetGo
Open-source Docker infrastructure platform. One web UI — containers, security, DNS, VPN, monitoring, backups, reverse proxy, terminal, and multi-node orchestration. Replace a dozen…
★ 116·updated 2w ago
maxgfr/awesome-starsunknown
List of repositories that I liked on Github
★ 22·updated today
nvdigitalsolutions/mcp-ai-wpoosPHP
NV Digital Open Operator System (NVoOS) is an Object-Oriented AI framework for WordPress connecting your data with OpenAI, Gemini, Anthropic, DeepSeek, Hugging Face, Cloudflare, Op…
★ 5·updated today
Correia-jpv/fucking-awesome-javaunknown
A curated list of awesome frameworks, libraries and software for the Java programming language. With repository stars⭐ and forks🍴
★ 4·updated today
blamejs/blamejsJavaScript
The Node framework that owns its stack.
★ 3·updated today
jdecool/stars-feedunknown
A curated list of my GitHub stars
★ 1·updated today
We haven't classified any articles referencing CVE-2026-5545 yet. The external references above still apply.