9.1
CVE-2026-11564
- EPSS 0.61%
- Veröffentlicht 03.07.2026 06:12:35
- Zuletzt bearbeitet 07.07.2026 18:00:35
- Quelle 2499f714-1537-4658-8207-48ae4b
- CVE-Watchlists
- Unerledigt
Native CA trust persist
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA material for a later transfer.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.61% | 0.45 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
https://hackerone.com/reports/3788984
https://curl.se/docs/CVE-2026-11564.html
https://curl.se/docs/CVE-2026-11564.json