CVEFinder.io

CVE-2026-7009

🔶 medium
🔍 Scan for this CVE
Summary

When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP stapling*, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly consider the response as fine.

CVSS Score
5.3
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-13
First Seen: 2026-05-17
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.7% of all 329,456 vulnerabilities in our database.

#264,595
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 13, 2026
🔍 Exploitation Status
Poc
Proof-of-concept available
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
Carlos Carrillo Stefan Eissing (remediation developer)
SSVC data provided by CISA
Last Modified 2026-05-14
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE IDs (Weakness Types)
CWE-295

📦 Affected Products 1

Vendor Product Status Affected Versions
haxx curl Affected
> 8.17.0 < 8.20.0

🔗 References 4

https://curl.se/docs/CVE-2026-7009.html
Patch Vendor Advisory
https://curl.se/docs/CVE-2026-7009.json
Product
https://hackerone.com/reports/3694390
Exploit Issue Tracking Patch
http://www.openwall.com/lists/oss-security/2026/04/2...
Mailing List Patch Third Party Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-4873 🔶 medium 5.9 0.0 A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the s... 2026-05-13
CVE-2026-6253 🔶 medium 5.9 0.0 curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following cond... 2026-05-13
CVE-2026-6276 ⚠️ high 7.5 0.0 Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done u... 2026-05-13
CVE-2026-6429 🔶 medium 5.3 0.0 When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password use... 2026-05-13
CVE-2026-7168 🔶 medium 5.3 0.1 Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and the... 2026-05-13
CVE-2026-1965 🔶 medium 6.5 0.1 libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS r... 2026-03-11
These CVEs affect the same products