CVE Catalog

CVE-2026-8286

Unknown
Published: Translated: NVD NIST

Summary

A vulnerability allows reusing an existing live connection for a new transfer using STARTTLS even when the TLS configuration mismatches. This could lead to unauthorized data access or man-in-the-middle attacks.

Risk Assessment

The organization is at risk of data interception or modification, as TLS connections may be incorrectly shared across different security contexts.

Recommendation

Immediately update to a patched version of the software and enforce strict TLS configuration matching before reusing connections.

Original NVD description (English source)

A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS