2 matches found
CVE-2026-9545
In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL...
PT-2026-51754
Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description An issue exists where libcurl may send request data on a new connection before enforcing certificate verification failure. This occurs when a user first connects to a legitimate HTTP/3 server...