Instituto Nacional de Ciberseguridad (National Cybersecurity Institute). INCIBE-CERT section

CVE-2026-5545

CVSS v3.1 severity: MEDIUM
Type: Not available / Other type
Publication date: 13/05/2026
Last modified: 13/05/2026

Description

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host.

libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead.

When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials.

An application that first uses Negotiate authentication to a server with `user1:password1` and then does another operation to the same server asking for any authentication method but for `user2:password2` (while the previous connection is still alive) - the second request gets confused and wrongly reuses the same connection and sends the new request over that connection thinking it uses a mix of user1's and user2's credentials when it is in fact still using the connection authenticated for user1...
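The reuse criterion described above can be illustrated with a simplified model. This is an added example, not libcurl's code and not part of the original advisory; the types and the functions `may_reuse` and `pool_find` are hypothetical. It shows the invariant a connection pool has to enforce: a connection authenticated with Negotiate is bound to one identity, so it may only serve a request that carries the same credentials.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT libcurl source; every name here is hypothetical. */
enum auth { AUTH_BASIC, AUTH_NEGOTIATE };

struct conn {                  /* a pooled connection that is still alive */
    const char *host;
    enum auth auth;            /* scheme the connection was set up with */
    const char *user, *passwd; /* identity bound to it (assumed non-NULL) */
};

struct request { const char *host, *user, *passwd; };

/* Negotiate can authenticate the connection rather than each request, so
 * later requests on it run as the identity that completed the handshake.
 * Reuse is only safe when the new request carries exactly those credentials. */
bool may_reuse(const struct conn *c, const struct request *r)
{
    if (strcmp(c->host, r->host) != 0)
        return false;
    if (c->auth == AUTH_NEGOTIATE)
        return strcmp(c->user, r->user) == 0 &&
               strcmp(c->passwd, r->passwd) == 0;
    return true;  /* Basic resends credentials with every request */
}

/* First reusable connection, or NULL when a fresh one must be opened. */
const struct conn *pool_find(const struct conn *pool, size_t n,
                             const struct request *r)
{
    for (size_t i = 0; i < n; i++)
        if (may_reuse(&pool[i], r))
            return &pool[i];
    return NULL;
}

int main(void)
{
    /* Constructed sample data mirroring the advisory's user1/user2 case. */
    struct conn pool[] = {
        { "server.example", AUTH_NEGOTIATE, "user1", "password1" } };
    struct request second = { "server.example", "user2", "password2" };
    printf("reuse for user2: %s\n",
           pool_find(pool, 1, &second) ? "yes (unsafe)" : "no, open new");
    return 0;
}
```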

Vulnerable products and versions

CPE From To
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* 7.10.6 (including) 8.20.0 (excluding)