{"api_version":"1","generated_at":"2026-07-03T18:06:40+00:00","cve":"CVE-2026-11564","urls":{"html":"https://cve.report/CVE-2026-11564","api":"https://cve.report/api/cve/CVE-2026-11564.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-11564","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-11564"},"summary":{"title":"Native CA trust persist","description":"libcurl keeps previously used connections in a connection pool for subsequent\ntransfers to reuse if one of them matches the setup.\n\nAn easy handle that first uses default native CA trust can continue trusting\nthe native platform store after the application switches that same handle to\ncustom CA material for a later transfer.","state":"PUBLISHED","assigner":"curl","published_at":"2026-07-03 07:16:23","updated_at":"2026-07-03 07:16:23"},"problem_types":["CWE-295 Improper Certificate Validation"],"metrics":[],"references":[{"url":"https://curl.se/docs/CVE-2026-11564.json","name":"https://curl.se/docs/CVE-2026-11564.json","refsource":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://curl.se/docs/CVE-2026-11564.html","name":"https://curl.se/docs/CVE-2026-11564.html","refsource":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://hackerone.com/reports/3788984","name":"https://hackerone.com/reports/3788984","refsource":"2499f714-1537-4658-8207-48ae4bb9eae9","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-11564","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-11564","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"curl","product":"curl","version":"affected 8.20.0 8.20.0 semver","platforms":[]},{"source":"CNA","vendor":"curl","product":"curl","version":"affected 8.19.0 8.19.0 semver","platforms":[]},{"source":"CNA","vendor":"curl","product":"curl","version":"affected 8.18.0 8.18.0 semver","platforms":[]},{"source":"CNA","vendor":"curl","product":"curl","version":"affected 8.17.0 8.17.0 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Filipe Casal of Trail of Bits in collaboration with OpenAI","lang":"en"},{"source":"CNA","value":"Stefan Eissing","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"curl","vendor":"curl","versions":[{"lessThanOrEqual":"8.20.0","status":"affected","version":"8.20.0","versionType":"semver"},{"lessThanOrEqual":"8.19.0","status":"affected","version":"8.19.0","versionType":"semver"},{"lessThanOrEqual":"8.18.0","status":"affected","version":"8.18.0","versionType":"semver"},{"lessThanOrEqual":"8.17.0","status":"affected","version":"8.17.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Filipe Casal of Trail of Bits in collaboration with OpenAI"},{"lang":"en","type":"remediation developer","value":"Stefan Eissing"}],"descriptions":[{"lang":"en","value":"libcurl keeps previously used connections in a connection pool for subsequent\ntransfers to reuse if one of them matches the setup.\n\nAn easy handle that first uses default native CA trust can continue trusting\nthe native platform store after the application switches that same handle to\ncustom CA material for a later transfer."}],"problemTypes":[{"descriptions":[{"description":"CWE-295 Improper Certificate Validation","lang":"en"}]}],"providerMetadata":{"dateUpdated":"2026-07-03T06:12:35.251Z","orgId":"2499f714-1537-4658-8207-48ae4bb9eae9","shortName":"curl"},"references":[{"name":"json","url":"https://curl.se/docs/CVE-2026-11564.json"},{"name":"www","url":"https://curl.se/docs/CVE-2026-11564.html"},{"name":"issue","url":"https://hackerone.com/reports/3788984"}],"title":"Native CA trust persist"}},"cveMetadata":{"assignerOrgId":"2499f714-1537-4658-8207-48ae4bb9eae9","assignerShortName":"curl","cveId":"CVE-2026-11564","datePublished":"2026-07-03T06:12:35.251Z","dateReserved":"2026-06-08T08:22:50.089Z","dateUpdated":"2026-07-03T06:12:35.251Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-03 07:16:23","lastModifiedDate":"2026-07-03 07:16:23","problem_types":["CWE-295 Improper Certificate Validation"],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"11564","Ordinal":"1","Title":"Native CA trust persist","CVE":"CVE-2026-11564","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"11564","Ordinal":"1","NoteData":"libcurl keeps previously used connections in a connection pool for subsequent\ntransfers to reuse if one of them matches the setup.\n\nAn easy handle that first uses default native CA trust can continue trusting\nthe native platform store after the application switches that same handle to\ncustom CA material for a later transfer.","Type":"Description","Title":"Native CA trust persist"}]}}}