CVE-2026-11564

N/A Unknown
Published: July 03, 2026 Modified: July 03, 2026
View on NVD

Description

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA material for a later transfer.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://curl.se/docs/CVE-2026-11564.html
Source: 2499f714-1537-4658-8207-48ae4bb9eae9
https://curl.se/docs/CVE-2026-11564.json
Source: 2499f714-1537-4658-8207-48ae4bb9eae9
https://hackerone.com/reports/3788984
Source: 2499f714-1537-4658-8207-48ae4bb9eae9

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.2%
9th percentile
Exploitation Status
Not in CISA KEV