CVE-2026-11564
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA material for a later transfer.
Ver en NVDAnálisis
libcurl has a critical vulnerability in its connection pooling logic. An application that switches a handle from default system CAs to a custom certificate authority may continue to trust the system store for subsequent transfers. This can lead to unexpected trust in certificates and potential man-in-the-middle risks in environments requiring strict certificate pinning or private CAs.
Roles relevantes
Severidad
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NEPSS
Descripción técnica
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA material for a later transfer.