cve 2026 1965

CVE-2026-1965 is a security vulnerability in libcurl's Negotiate authentication code, disclosed and fixed in curl version 8.19.0 on March 11, 2026. The flaw allows a request to reuse a connection authenticated for a different user, leading to wrong-identity reuse and credential confusion. This issue affects systems using libcurl for network communications, potentially exposing authenticated sessions to unauthorized access. The WindowsForum.com thread discusses the background, impact, and remediation steps for CVE-2026-1965, emphasizing the importance of updating to the patched version to mitigate risks.