CVE-2026-11564
ADVISORY - debianSummary
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA material for a later transfer.
- curl 8.21.0~rc2-1 [trixie] - curl (Vulnerable code not present) [bookworm] - curl (Vulnerable code not present) [bullseye] - curl (Vulnerable code not present) https://curl.se/docs/CVE-2026-11564.html Introduced with: https://github.com/curl/curl/commit/eefd03c572996e5de4dec4fe295ad6f103e0eefc (curl-8_17_0) Fixed by: https://github.com/curl/curl/commit/d69bfad3fa3daf5e72331f6870667607828d5891 (rc-8_21_0-2, curl-8_21_0)
EPSS Score: 0.00479 (0.379)
Common Weakness Enumeration (CWE)
Alpine
CREATED
UPDATED
ADVISORY IDCVE-2026-11564
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Debian
CREATED
UPDATED
ADVISORY IDCVE-2026-11564
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-11564
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/Alowminimos
CREATED
UPDATED
ADVISORY ID
MINI-9w2g-x6c2-777x
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-x6rh-925x-jq96
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-