Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-9vbs-w124-q3au
SummaryWhen curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP stapling*, to verify that the server certificate is valid, it fails to detect OCSP problems and instead wrongly consider the response as fine.
Aliases
0
alias CVE-2026-7009
Fixed_packages
0
url pkg:apk/alpine/curl@8.20.0-r0?arch=aarch64&distroversion=edge&reponame=main
purl pkg:apk/alpine/curl@8.20.0-r0?arch=aarch64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.20.0-r0%3Farch=aarch64&distroversion=edge&reponame=main
1
url pkg:apk/alpine/curl@8.20.0-r0?arch=armhf&distroversion=edge&reponame=main
purl pkg:apk/alpine/curl@8.20.0-r0?arch=armhf&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.20.0-r0%3Farch=armhf&distroversion=edge&reponame=main
2
url pkg:apk/alpine/curl@8.20.0-r0?arch=armv7&distroversion=edge&reponame=main
purl pkg:apk/alpine/curl@8.20.0-r0?arch=armv7&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.20.0-r0%3Farch=armv7&distroversion=edge&reponame=main
3
url pkg:apk/alpine/curl@8.20.0-r0?arch=loongarch64&distroversion=edge&reponame=main
purl pkg:apk/alpine/curl@8.20.0-r0?arch=loongarch64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.20.0-r0%3Farch=loongarch64&distroversion=edge&reponame=main
4
url pkg:apk/alpine/curl@8.20.0-r0?arch=ppc64le&distroversion=edge&reponame=main
purl pkg:apk/alpine/curl@8.20.0-r0?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.20.0-r0%3Farch=ppc64le&distroversion=edge&reponame=main
5
url pkg:apk/alpine/curl@8.20.0-r0?arch=riscv64&distroversion=edge&reponame=main
purl pkg:apk/alpine/curl@8.20.0-r0?arch=riscv64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.20.0-r0%3Farch=riscv64&distroversion=edge&reponame=main
6
url pkg:apk/alpine/curl@8.20.0-r0?arch=s390x&distroversion=edge&reponame=main
purl pkg:apk/alpine/curl@8.20.0-r0?arch=s390x&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.20.0-r0%3Farch=s390x&distroversion=edge&reponame=main
7
url pkg:apk/alpine/curl@8.20.0-r0?arch=x86&distroversion=edge&reponame=main
purl pkg:apk/alpine/curl@8.20.0-r0?arch=x86&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.20.0-r0%3Farch=x86&distroversion=edge&reponame=main
8
url pkg:apk/alpine/curl@8.20.0-r0?arch=x86_64&distroversion=edge&reponame=main
purl pkg:apk/alpine/curl@8.20.0-r0?arch=x86_64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@8.20.0-r0%3Farch=x86_64&distroversion=edge&reponame=main
9
url pkg:deb/debian/curl@0?distro=trixie
purl pkg:deb/debian/curl@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie
10
url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie
purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18p4-rvxz-pkeu
1
vulnerability VCID-1dw3-33ju-jkbs
2
vulnerability VCID-1m1w-rayk-sffe
3
vulnerability VCID-21ff-tazv-9ud3
4
vulnerability VCID-287k-bzqy-n7ag
5
vulnerability VCID-39qh-jayw-g3dh
6
vulnerability VCID-5un8-xymy-37bt
7
vulnerability VCID-6ggz-pa5t-77c4
8
vulnerability VCID-7wqd-99h2-e7hk
9
vulnerability VCID-85qb-zec7-subc
10
vulnerability VCID-a8z6-bswu-jue8
11
vulnerability VCID-bcuq-n4vb-k7f3
12
vulnerability VCID-f9nm-d5ax-qkcb
13
vulnerability VCID-fcb7-8163-muf4
14
vulnerability VCID-g7ux-4vz2-ckfg
15
vulnerability VCID-h4nw-va5b-23ef
16
vulnerability VCID-hhms-2hg6-nke9
17
vulnerability VCID-ns58-vmsz-5ued
18
vulnerability VCID-nwvb-d466-4uaa
19
vulnerability VCID-p155-gbtu-abg1
20
vulnerability VCID-secz-78pt-dben
21
vulnerability VCID-ucyf-faft-33bv
22
vulnerability VCID-v82t-s9e1-2fbw
23
vulnerability VCID-w8ff-vxga-8qcz
24
vulnerability VCID-wgur-psum-pbck
25
vulnerability VCID-y44u-23he-aya8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie
11
url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie
purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1dw3-33ju-jkbs
1
vulnerability VCID-21ff-tazv-9ud3
2
vulnerability VCID-39qh-jayw-g3dh
3
vulnerability VCID-5un8-xymy-37bt
4
vulnerability VCID-7wqd-99h2-e7hk
5
vulnerability VCID-bcuq-n4vb-k7f3
6
vulnerability VCID-ezve-gc2h-qyga
7
vulnerability VCID-f9nm-d5ax-qkcb
8
vulnerability VCID-fcb7-8163-muf4
9
vulnerability VCID-g7ux-4vz2-ckfg
10
vulnerability VCID-gux4-dncg-h7a6
11
vulnerability VCID-hhms-2hg6-nke9
12
vulnerability VCID-p155-gbtu-abg1
13
vulnerability VCID-secz-78pt-dben
14
vulnerability VCID-ucyf-faft-33bv
15
vulnerability VCID-v82t-s9e1-2fbw
16
vulnerability VCID-w8ff-vxga-8qcz
17
vulnerability VCID-wgur-psum-pbck
18
vulnerability VCID-y44u-23he-aya8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie
12
url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u3?distro=trixie
purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21ff-tazv-9ud3
1
vulnerability VCID-39qh-jayw-g3dh
2
vulnerability VCID-5un8-xymy-37bt
3
vulnerability VCID-7wqd-99h2-e7hk
4
vulnerability VCID-bcuq-n4vb-k7f3
5
vulnerability VCID-f9nm-d5ax-qkcb
6
vulnerability VCID-fcb7-8163-muf4
7
vulnerability VCID-fxgf-t3ue-6qhf
8
vulnerability VCID-g7ux-4vz2-ckfg
9
vulnerability VCID-gux4-dncg-h7a6
10
vulnerability VCID-hhms-2hg6-nke9
11
vulnerability VCID-p155-gbtu-abg1
12
vulnerability VCID-secz-78pt-dben
13
vulnerability VCID-v82t-s9e1-2fbw
14
vulnerability VCID-w8ff-vxga-8qcz
15
vulnerability VCID-wgur-psum-pbck
16
vulnerability VCID-y44u-23he-aya8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u3%3Fdistro=trixie
13
url pkg:deb/debian/curl@8.20.0-2?distro=trixie
purl pkg:deb/debian/curl@8.20.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-2%3Fdistro=trixie
14
url pkg:deb/debian/curl@8.20.0-5?distro=trixie
purl pkg:deb/debian/curl@8.20.0-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0-5%3Fdistro=trixie
15
url pkg:generic/curl.se/curl@8.20.0
purl pkg:generic/curl.se/curl@8.20.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0
Affected_packages
0
url pkg:generic/curl.se/curl@8.17.0
purl pkg:generic/curl.se/curl@8.17.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21ff-tazv-9ud3
1
vulnerability VCID-39qh-jayw-g3dh
2
vulnerability VCID-5un8-xymy-37bt
3
vulnerability VCID-7wqd-99h2-e7hk
4
vulnerability VCID-9vbs-w124-q3au
5
vulnerability VCID-bcuq-n4vb-k7f3
6
vulnerability VCID-f9nm-d5ax-qkcb
7
vulnerability VCID-fcb7-8163-muf4
8
vulnerability VCID-fxgf-t3ue-6qhf
9
vulnerability VCID-g7ux-4vz2-ckfg
10
vulnerability VCID-gux4-dncg-h7a6
11
vulnerability VCID-hhms-2hg6-nke9
12
vulnerability VCID-secz-78pt-dben
13
vulnerability VCID-t45k-skv6-cfg2
14
vulnerability VCID-v82t-s9e1-2fbw
15
vulnerability VCID-w8ff-vxga-8qcz
16
vulnerability VCID-wgur-psum-pbck
17
vulnerability VCID-y44u-23he-aya8
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.17.0
1
url pkg:generic/curl.se/curl@8.18.0
purl pkg:generic/curl.se/curl@8.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39qh-jayw-g3dh
1
vulnerability VCID-5un8-xymy-37bt
2
vulnerability VCID-9vbs-w124-q3au
3
vulnerability VCID-bcuq-n4vb-k7f3
4
vulnerability VCID-f9nm-d5ax-qkcb
5
vulnerability VCID-fxgf-t3ue-6qhf
6
vulnerability VCID-g7ux-4vz2-ckfg
7
vulnerability VCID-hhms-2hg6-nke9
8
vulnerability VCID-secz-78pt-dben
9
vulnerability VCID-w8ff-vxga-8qcz
10
vulnerability VCID-wgur-psum-pbck
11
vulnerability VCID-y44u-23he-aya8
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0
2
url pkg:generic/curl.se/curl@8.19.0
purl pkg:generic/curl.se/curl@8.19.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5un8-xymy-37bt
1
vulnerability VCID-9vbs-w124-q3au
2
vulnerability VCID-bcuq-n4vb-k7f3
3
vulnerability VCID-f9nm-d5ax-qkcb
4
vulnerability VCID-g7ux-4vz2-ckfg
5
vulnerability VCID-secz-78pt-dben
6
vulnerability VCID-w8ff-vxga-8qcz
7
vulnerability VCID-wgur-psum-pbck
resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-7009
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.01997
published_at 2026-06-05T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.01979
published_at 2026-06-08T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.01994
published_at 2026-06-07T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02005
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-7009
1
reference_url https://curl.se/docs/CVE-2026-7009.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Medium
scoring_system cvssv3.1
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:20:11Z/
url https://curl.se/docs/CVE-2026-7009.html
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://hackerone.com/reports/3694390
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:20:11Z/
url https://hackerone.com/reports/3694390
4
reference_url https://curl.se/docs/CVE-2026-7009.json
reference_id CVE-2026-7009.json
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:20:11Z/
url https://curl.se/docs/CVE-2026-7009.json
Weaknesses
0
cwe_id 295
name Improper Certificate Validation
description The product does not validate, or incorrectly validates, a certificate.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity4.8
Risk_score2.4
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-9vbs-w124-q3au