Lucene search
K

4 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-54919

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHTTPLIBMBEDTLSSUPPORT or CPPHTTPLIBWOLFSSLSUPPORT and a...

7.4CVSS0.00264EPSS
Exploits0References3
CVE
CVE
added 4 days ago13 views

CVE-2026-54919

cpp-httplib on Mbed TLS and wolfSSL backends was vulnerable to a TLS certificate chain verification bypass for IP-literal hosts (affecting v0.31.0–0.46.1) when server verification was enabled; SSLClient/Client could skip chain validation and Mbed TLS WebSocketClient could skip verification. The i...

7.4CVSS6.9AI score0.00264EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2026/06/26 8:40 a.m.21 views

curl: mbedTLS / wolfSSL / rustls backends silently skip hostname verification when CURLOPT_SSL_VERIFYPEER=0

Summary When an application sets CURLOPTSSLVERIFYPEER=0 while keeping CURLOPTSSLVERIFYHOST=2 the default, the mbedTLS, wolfSSL, and rustls TLS backends silently skip the hostname-vs-certificate check. The OpenSSL, GnuTLS, and Schannel backends correctly preserve hostname checking under the same...

6.1AI score
Exploits0
Hacker One
Hacker One
added 2026/05/13 11:33 p.m.43 views

curl: TLS verifyhost bypass in rustls, mbedTLS, and wolfSSL when verifypeer=0

The now-well-known CURLOPTSSLVERIFYHOST-bypass-when-CURLOPTSSLVERIFYPEER=0 defect exists in three of curl's TLS backends: rustls EXPERIMENTAL, mbedTLS, and wolfSSL DNS hostnames only. The documented contract at docs/libcurl/opts/CURLOPTSSLVERIFYPEER.md:57-59: The check that the host name in the...

5.8CVSS6.5AI score0.04888EPSS
Exploits0
Rows per page
Query Builder