Fluid Attacks Database

Description

A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request to that same host bypasses the TLS requirement and instead transmit data unencrypted.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel8	curl	-	-
rpm rhel9	rust	-	-
rpm rhel10	s390utils	-	-
rpm rhel10	curl	-	-
rpm rhel6	curl	-	-
rpm rhel7	curl	-	-
rpm rhel9	curl	-	-
rpm rhel10	rust	-	-
rpm rhel10	trustee	-	-
rpm rhel10	snphost	-	-

1-10 of 17

Aliases

1. CVE-2026-48732. NVD-2026-48733. OSV-2026-48734. OSV-DEBIAN-2026-48735. SECURITY-TRACKER-CVE-2026-4873

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.