libcurl keeps previously used connections in a connection pool for subsequent
transfers to reuse if one of them matches the setup.
An easy handle that first uses default native CA trust can continue trusting
the native platform store after the application switches that same handle to
custom CA material for a later transfer.
References
| Link | Resource |
|---|---|
| https://curl.se/docs/CVE-2026-11564.html | Patch Vendor Advisory |
| https://curl.se/docs/CVE-2026-11564.json | Vendor Advisory |
| https://hackerone.com/reports/3788984 | Exploit Issue Tracking Third Party Advisory |
| https://hackerone.com/reports/3788984 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
07 Jul 2026, 18:00
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://curl.se/docs/CVE-2026-11564.html - Patch, Vendor Advisory | |
| References | () https://curl.se/docs/CVE-2026-11564.json - Vendor Advisory | |
| References | () https://hackerone.com/reports/3788984 - Exploit, Issue Tracking, Third Party Advisory | |
| CPE | cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* | |
| CWE | CWE-295 | |
| First Time |
Haxx curl
Haxx |
06 Jul 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
| References | () https://hackerone.com/reports/3788984 - |
03 Jul 2026, 07:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-03 07:16
Updated : 2026-07-07 18:00
NVD link : CVE-2026-11564
Mitre link : CVE-2026-11564
CVE.ORG link : CVE-2026-11564
JSON object : View
Products Affected
haxx
- curl
CWE
CWE-295
Improper Certificate Validation
