CVE-2026-7009

Published: Mag 13, 2026 Last Modified: Mag 13, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

When curl is told to use the Certificate Status Request TLS extension, often
referred to as *OCSP stapling*, to verify that the server certificate is
valid, it fails to detect OCSP problems and instead wrongly consider the
response as fine.

https://curl.se/docs/CVE-2026-7009.html
https://curl.se/docs/CVE-2026-7009.html
https://curl.se/docs/CVE-2026-7009.json
https://curl.se/docs/CVE-2026-7009.json
https://hackerone.com/reports/3694390
https://hackerone.com/reports/3694390
http://www.openwall.com/lists/oss-security/2026/04/29/12
http://www.openwall.com/lists/oss-security/2026/04/29/12