CVE-2026-8286

Publication date 26 June 2026

Last updated 2 July 2026


Ubuntu priority

Description

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not.

Why is this CVE low priority?

Upstream defined this as low severity

Learn more about Ubuntu priority

Status

Package Ubuntu Release Status
curl 26.04 LTS resolute
Fixed 8.18.0-1ubuntu2.2
25.10 questing
Fixed 8.14.1-2ubuntu1.4
24.04 LTS noble
Fixed 8.5.0-2ubuntu10.10
22.04 LTS jammy
Fixed 7.81.0-1ubuntu1.25
20.04 LTS focal
Fixed 7.68.0-1ubuntu2.25+esm4
18.04 LTS bionic
Fixed 7.58.0-2ubuntu3.24+esm9
16.04 LTS xenial
Fixed 7.47.0-1ubuntu2.19+esm16
14.04 LTS trusty
Fixed 7.35.0-1ubuntu2.20+esm20

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro 30-day free trial

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
curl

References

Related Ubuntu Security Notices (USN)

Other references


Access our resources on patching vulnerabilities