Vulnerability in Curl
CVE-2026-9545
In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcur…
Affected products
- Curl — versions 8.20.0, 8.19.0, 8.18.0