CVE-2026-9080
N/A
N/A
Summary
Calling curl_easy_pause() within the event-based CURLMOPT_SOCKETFUNCTION
callback triggers a use-after-free vulnerability, where libcurl attempts to
store a flag using a dangling struct pointer immediately after that pointer's
memory has been freed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| curl | curl | 8.20.0 <= 8.20.0 | affected |
| curl | curl | 8.19.0 <= 8.19.0 | affected |
| curl | curl | 8.18.0 <= 8.18.0 | affected |
| curl | curl | 8.17.0 <= 8.17.0 | affected |
| curl | curl | 8.16.0 <= 8.16.0 | affected |
| curl | curl | 8.15.0 <= 8.15.0 | affected |
| curl | curl | 8.14.1 <= 8.14.1 | affected |
| curl | curl | 8.14.0 <= 8.14.0 | affected |
| curl | curl | 8.13.0 <= 8.13.0 | affected |
Weaknesses
- CWE-416 Use After Free
References
- https://curl.se/docs/CVE-2026-9080.json
- https://curl.se/docs/CVE-2026-9080.html
- https://hackerone.com/reports/3749204
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.