A subtle connection-reuse bug in libcurl—tracked as CVE-2023-27536—exposed a real-world risk that the library could accidentally reuse an authenticated connection with higher GSSAPI/Kerberos delegation permissions for a subsequent transfer that should have been performed with lower permissions...
