Lucene search
K

12 matches found

OSV
OSV
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-11564

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS6AI score0.0061EPSS
Exploits1References1
NVD
NVD
added 2026/07/03 7:16 a.m.7 views

CVE-2026-11564

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS0.0061EPSS
Exploits1References3
CVE
CVE
added 2026/07/03 6:12 a.m.22 views

CVE-2026-11564

CVE-2026-11564 (libcurl) describes an issue where libcurl keeps previously used connections in a pool and may continue trusting the native CA store after an application switches a handle to custom CA material for a later transfer. The connected sources confirm this behavior across multiple feeds ...

9.1CVSS6AI score0.0061EPSS
Exploits1References3Affected Software1
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.7 views

Native CA trust persist

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS5.9AI score0.0061EPSS
Exploits1References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.8 views

PT-2026-51741

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description An issue exists in the certificate authentication procedure where the library maintains a connection pool for reusing connections in subsequent transfers. If a handle initially uses the defau...

9.1CVSS6AI score0.0061EPSS
Exploits1References18
Hacker One
Hacker One
added 2026/05/14 11:6 a.m.26 views

curl: Schannel custom-CA path skips Extended Key Usage enforcement

Hi all, We believe the Schannel custom-CA verification path in lib/vtls/schannelverify.c may skip Extended Key Usage enforcement. In particular, a certificate that chains to the trusted custom CA but contains only id-kp-clientAuth, rather than id-kp-serverAuth, may pass peer verification on Windo...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.6 views

Understanding Student Experiences with TLS Client Authentication

Mutual TLS mTLS provides strong, certificate-based authentication for both clients and servers, yet its adoption for user-facing websites remains rare. This paper presents a longitudinal study of mTLS usability, tracking 46 senior and graduate computer science students who configured client...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/02/20 11:5 p.m.29 views

CVE-2026-27134 Strimzi: All CAs from a custom CA chain consisting of multiple CAs are trusted for mTLS user autentication

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple CAs, Strimzi incorrectly configures the trusted...

8.1CVSS0.00365EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/16 9:8 p.m.1 views

CVE-2025-9708 Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks

A vulnerability exists in the Kubernetes C client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority CA without properly verifying the trust chain. This flaw allows a malicious actor to present a forged certificate and potentially...

6.8CVSS6.4AI score0.00288EPSS
Exploits0References2
Kubernetes Security Advisories
Kubernetes Security Advisories
added 2025/09/15 4:59 a.m.5 views

Kubernetes C# Client: improper certificate validation in custom CA mode may lead to man-in-the-middle attacks

CVSS Rating: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N — Medium 6.8 A vulnerability exists in the Kubernetes C client where the certificate validation logic accepts properly constructed certificates from any Certificate Authority CA without properly verifying the trust chain. This flaw allows ...

6.8CVSS5.8AI score0.00288EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/03/25 7:15 p.m.8 views

CVE-2022-0759

A flaw was found in all versions of kubeclient up to but not including v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate it wrongly returns...

8.1CVSS5.4AI score0.00905EPSS
Exploits0References3
OSV
OSV
added 2018/07/27 1:29 p.m.5 views

CVE-2017-2639

It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization RHEV and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensiti...

7.5CVSS5.8AI score0.01137EPSS
Exploits0References4
Rows per page
Query Builder