CVE-2026-9545 in libcURLinfo

Summary

by MITRE • 07/03/2026

In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate.

When libcurl returns to the hostname the second time with a cached SSL session (`CURLOPT_SSL_SESSIONID_CACHE` is not disabled) and early data enabled (the `CURLSSLOPT_EARLYDATA` bit is set in `CURLOPT_SSL_OPTIONS`), libcurl might send off the second request's bytes on that new connection *before* enforcing the certificate verification failure. Potentially leaking sensitive information.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 07/03/2026

This vulnerability represents a sophisticated SSL session resumption flaw in libcurl that exploits the interaction between HTTP/3 connections, cached SSL sessions, and early data transmission. The issue manifests when libcurl maintains a cached SSL session identifier for a hostname and subsequently reconnects to a malicious server impersonating the original host. The vulnerability occurs specifically when both CURLOPT_SSL_SESSIONID_CACHE is enabled and CURLSSLOPT_EARLYDATA is set in CURLOPT_SSL_OPTIONS, creating a window where connection establishment precedes certificate validation. When an attacker replaces a legitimate HTTP/3 server with an impostor machine lacking proper SSL certificates, the client may proceed with sending application data before completing the certificate verification process. This timing discrepancy allows for potential information leakage during the early data transmission phase, as the system sends bytes over the connection before confirming the authenticity of the server's certificate.

The technical implementation of this vulnerability involves multiple layers of protocol interaction and caching mechanisms within libcurl's SSL handling subsystem. When a cached SSL session is reused, the client attempts to perform session resumption without properly validating that the new connection matches the expected server identity. The HTTP/3 protocol's early data feature exacerbates this issue by allowing application data transmission during the handshake process itself. According to the CWE catalog, this scenario corresponds to CWE-295 "Improper Certificate Validation" combined with CWE-310 "Cryptographic Issues", specifically targeting the improper handling of SSL session resumption in certificate validation workflows. The vulnerability's root cause lies in the failure to enforce strict certificate verification before transmitting application data, creating a race condition between connection establishment and security validation.

The operational impact of this vulnerability extends beyond simple information disclosure to encompass potential man-in-the-middle attacks and credential theft scenarios. When an attacker successfully replaces a legitimate server with their own machine, users may unknowingly transmit sensitive data over connections that appear secure but lack proper certificate validation. This issue particularly affects applications using HTTP/3 with early data capabilities, where the timing window for certificate validation is minimal. The vulnerability could enable attackers to capture session tokens, authentication credentials, or other sensitive information transmitted during the early data phase of the connection. Organizations relying on libcurl for web communications face significant risk exposure, especially in environments where cached SSL sessions are actively used and HTTP/3 with early data is enabled.

Mitigation strategies must address both the immediate protocol-level issues and broader architectural concerns within libcurl's SSL handling. The primary recommendation involves disabling SSL session caching when using early data features, specifically by setting CURLOPT_SSL_SESSIONID_CACHE to 0 or implementing explicit certificate validation before allowing early data transmission. Administrators should also consider implementing strict certificate pinning mechanisms and monitoring for unauthorized server replacements in production environments. From an ATT&CK framework perspective, this vulnerability maps to T1566 "Phishing" and T1046 "Network Service Scanning" through the exploitation of trust relationships established during SSL session resumption. The recommended approach includes updating libcurl to versions with patched SSL handling mechanisms, implementing network-level monitoring for certificate mismatches, and establishing robust certificate validation policies that prevent premature data transmission during connection establishment phases.

Responsible

Curl

Reservation

05/26/2026

Disclosure

07/03/2026

Moderation

accepted

CPE

ready

EPSS

0.00134

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!