libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
[
{
"vendor": "curl",
"product": "curl",
"versions": [
{
"version": "8.6.0",
"status": "affected",
"lessThanOrEqual": "8.6.0",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]