CVE-2022-22576

CVE-2022-22576

Vendor N/A
Product https://github.com/curl/curl
Weakness CWE-287 · Improper authentication
Published May 26, 2022
Last update May 27, 2026

CVSS base score

What the vulnerability does

01Description

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).

Key dates

02Disclosure timeline

May 26, 2022 CVE published
May 27, 2026 Record updated