CVE Catalog

CVE-2026-11564

Unknown
Published: Translated: NVD NIST

Summary

A vulnerability in libcurl causes an easy handle that first uses default native CA trust to continue trusting the native platform store after switching to custom CA material for a later transfer. This occurs because libcurl reuses previously used connections from a connection pool.

Risk Assessment

The organization may unknowingly use incorrect CA certificates, leading to improper TLS connection authentication and potential data transmission security breaches.

Recommendation

It is recommended to update libcurl to a version that fixes this vulnerability and to review CA trust configurations in applications using libcurl.

Original NVD description (English source)

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA material for a later transfer.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS