VDB

ANCHORE-2026-7009

ANCHORE-2026-7009 PUBLISHED

When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP stapling*, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly consider the response as fine.

Affected Products

VendorProductVersions
curlcurl8.17.0

Timeline

  • May 13, 2026 CVE Published
  • May 13, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›