7.5
CVE-2026-9545
- EPSS 0.41%
- Veröffentlicht 03.07.2026 06:17:55
- Zuletzt bearbeitet 07.07.2026 15:03:56
- Quelle 2499f714-1537-4658-8207-48ae4b
- CVE-Watchlists
- Unerledigt
exposing HTTP/3 early data
In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL session (`CURLOPT_SSL_SESSIONID_CACHE` is not disabled) and early data enabled (the `CURLSSLOPT_EARLYDATA` bit is set in `CURLOPT_SSL_OPTIONS`), libcurl might send off the second request's bytes on that new connection *before* enforcing the certificate verification failure. Potentially leaking sensitive information.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.328 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
https://hackerone.com/reports/3752888
https://curl.se/docs/CVE-2026-9545.html
https://curl.se/docs/CVE-2026-9545.json