CVE-2026-9545
CVE-2026-9545 affects curl/libcurl when using HTTP/3 with early data and a cached SSL session. If a site is replaced by an attacker’s impostor on a second transfer, and early data is enabled while the SSL session cache is not disabled, curl may send the second request’s bytes before certificate v...