HackerOne Bug Bounty Disclosure: silent-tls-trust-model-hijacking-via-curl-ca-bundle-environment-variable-leads-to-mitm-rootsecret
Company Name:
curl
Company HackerOne URL:
https://hackerone.com/curl
Submitted By:
rootsecret3
Link to Submitters Profile:
https://hackerone.com/rootsecret3
Report Title:
Silent TLS Trust Model Hijacking via `CURL_CA_BUNDLE` Environment Variable Leads to MITM
Report Link:
https://hackerone.com/reports/3418776
Date Submitted:
11 November 2025
Support Our Work
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.
AI APIs OSINT driven New features
