Cookie Parsing Flaw in Curl Affects Multiple Domains
CVE-2026-8924
Currently unrated
What is CVE-2026-8924?
A vulnerability in curl's cookie parsing logic lets a malicious HTTP server create 'super cookies'. The flaw circumvents the Public Suffix List check, so an attacker can inject cookies that curl mistakenly associates with unrelated third-party domains. This could lead to unauthorized data sharing and potential exposure of sensitive information to untrusted parties.
Affected Version(s)
curl 8.20.0
curl 8.19.0
curl 8.18.0
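
One way to check for the condition described above is to audit a curl cookie jar (Netscape format) for cookies that tail-match a public suffix. This is an added example, not code from curl or from the original advisory. Assumptions: the suffix set is a small constructed subset matched exactly (wildcard and exception rules of the real Public Suffix List are not handled), and the jar content is constructed sample data.

```python
# Added example: flag cookies in a curl cookie jar that are scoped to a
# public suffix. PUBLIC_SUFFIXES is a constructed subset, not the real list.
PUBLIC_SUFFIXES = {"com", "org", "net", "uk", "co.uk", "github.io"}

# Constructed sample jar. Fields are tab-separated: domain, tailmatch flag,
# path, secure, expiry, name, value. "#HttpOnly_" marks an HttpOnly cookie.
SAMPLE_JAR = "\n".join([
    "# Netscape HTTP Cookie File",
    "example.com\tFALSE\t/\tFALSE\t0\tsid\tabc",
    ".co.uk\tTRUE\t/\tFALSE\t0\ttrack\t1",
    "#HttpOnly_.COM.\tTRUE\t/\tTRUE\t0\tid\t2",
    ".shop.example.co.uk\tTRUE\t/\tFALSE\t0\tcart\t3",
    "github.io\tFALSE\t/\tFALSE\t0\thost_only\t4",
])


def parse_jar(text):
    """Yield (domain, tailmatch, name) for each cookie line in a jar."""
    for line in text.splitlines():
        if line.startswith("#HttpOnly_"):
            line = line[len("#HttpOnly_"):]  # a cookie line, not a comment
        elif not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # malformed line, skip
        yield fields[0], fields[1].upper() == "TRUE", fields[5]


def find_super_cookies(text, suffixes=PUBLIC_SUFFIXES):
    """Return (domain, name) for cookies that tail-match a public suffix."""
    hits = []
    for domain, tailmatch, name in parse_jar(text):
        # Compare case-insensitively, ignoring the leading dot and any
        # trailing root dot. A host-only cookie goes to one exact host; a
        # tail-matching one is sent to every domain under the suffix.
        if tailmatch and domain.lower().strip(".") in suffixes:
            hits.append((domain, name))
    return hits


if __name__ == "__main__":
    for domain, name in find_super_cookies(SAMPLE_JAR):
        print(f"super cookie: {name!r} scoped to public suffix {domain!r}")
```
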
