CVE-2026-7009 affects versions 8.17.0 through 8.19.0 of curl. This vulnerability arises from a flaw in how curl handles OCSP stapling, a mechanism used to verify the validity of server certificates. If exploited, attackers could potentially bypass certificate validation and intercept sensitive data. A fix is available in version 8.19.1.
影响与攻击场景翻译中…
The core of this vulnerability lies in curl's mishandling of OCSP stapling responses. OCSP stapling is designed to provide real-time certificate revocation status, ensuring that clients only connect to valid certificates. CVE-2026-7009 allows an attacker to present a malicious certificate, and curl will incorrectly validate it as legitimate, even if the certificate has been revoked. This opens the door to man-in-the-middle (MITM) attacks, where an attacker can intercept and potentially modify network traffic between the client and the server. The impact is particularly severe for applications that rely on curl for secure communication, such as web browsers, API clients, and automation scripts. Successful exploitation could lead to data breaches, credential theft, and other malicious activities.
利用背景翻译中…
CVE-2026-7009 was published on May 13, 2026. Its CVSS severity is pending evaluation. No public proof-of-concept (POC) code has been released at the time of writing, but the nature of the vulnerability suggests a moderate likelihood of exploitation once a POC becomes available. Monitor security advisories and threat intelligence feeds for updates on active campaigns targeting this vulnerability. Refer to the curl security advisory for more details.
威胁情报
漏洞利用状态
EPSS
0.01% (1% 百分位)
受影响的软件
弱点分类 (CWE)
时间线
- 已保留
- 发布日期
- EPSS 更新日期
缓解措施和替代方案翻译中…
The primary mitigation for CVE-2026-7009 is to upgrade to curl version 8.19.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. While not a complete solution, disabling OCSP stapling can reduce the risk, but it also weakens certificate validation. This can be done by setting the --no-ocs-stapling flag when invoking curl. Monitor network traffic for suspicious activity and consider using a Web Application Firewall (WAF) to detect and block malicious requests. After upgrading, confirm the fix by running curl against a known secure HTTPS endpoint and verifying that certificate validation proceeds as expected.
修复方法翻译中…
Actualice a la versión 8.19.1 o superior para corregir la vulnerabilidad. Esta actualización aborda un problema donde curl no detectaba correctamente problemas de OCSP, lo que podría llevar a una validación incorrecta de certificados.
常见问题翻译中…
What is CVE-2026-7009 — OCSP Stapling Flaw in curl?
CVE-2026-7009 is a vulnerability in curl versions 8.17.0–8.19.0 where OCSP stapling verification fails, potentially allowing man-in-the-middle attacks. It allows attackers to bypass certificate validation and intercept sensitive data.
Am I affected by CVE-2026-7009 in curl?
You are affected if you are using curl versions 8.17.0 through 8.19.0. Check your curl version using curl --version and upgrade if necessary.
How do I fix CVE-2026-7009 in curl?
Upgrade to curl version 8.19.1 or later to resolve the vulnerability. As a temporary workaround, you can disable OCSP stapling using the --no-ocs-stapling flag.
Is CVE-2026-7009 being actively exploited?
No public exploitation has been reported as of May 13, 2026, but the vulnerability's nature suggests a potential for exploitation once a proof-of-concept is available.
Where can I find the official curl advisory for CVE-2026-7009?
Refer to the official curl security advisory, which can be found on the curl project's website or through security mailing lists. Check curl.se for updates.
立即试用 — 无需账户
上传任何清单文件 (composer.lock, package-lock.json, WordPress 插件列表…) 或粘贴您的组件列表。您立即获得一份漏洞报告。上传文件只是开始:拥有账户后,您将获得持续监控、Slack/电子邮件警报、多项目和白标报告。
拖放您的依赖文件
composer.lock、package-lock.json、requirements.txt、Gemfile.lock、pubspec.lock、Dockerfile...