SASL Authentication Vulnerability in Curl by cURL, Inc.
CVE-2026-8925

Currently unrated

Key Information:

Vendor: Curl

Status
Vendor
CVE Published: 3 July 2026

What is CVE-2026-8925?

An issue has been identified in the Curl logic that handles SASL authentication, where the GSASL context may be improperly managed. The flaw allows the context to be cleaned up multiple times without the pointer being reset, leading to a potential double free. This could cause instability in applications that rely on Curl when using SASL for authentication.
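The cleanup pattern described above, as an added example that is not curl's or libgsasl's code: a cleanup routine that leaves the pointer set next to one that resets it. All type and function names are hypothetical, and the mock release counts calls instead of freeing memory so the repeated release can be observed safely.

```c
#include <stdio.h>

/* Constructed stand-ins (hypothetical types, not curl's or libgsasl's). */
struct mock_ctx { int release_count; };      /* counts release requests */
struct sasl_state { struct mock_ctx *ctx; }; /* per-connection state */

/* Mock release: counts calls instead of calling free(), so a second
   release is observable here rather than being undefined behaviour. */
static void mock_ctx_release(struct mock_ctx *c)
{
  c->release_count++;
}

/* Flawed pattern: releases the context but leaves the pointer set. */
static void cleanup_flawed(struct sasl_state *s)
{
  if(s->ctx)
    mock_ctx_release(s->ctx);
}

/* Hardened pattern: reset the pointer so cleanup is idempotent. */
static void cleanup_hardened(struct sasl_state *s)
{
  if(s->ctx) {
    mock_ctx_release(s->ctx);
    s->ctx = NULL;
  }
}

/* Runs cleanup twice, as when cleanup is reached more than once, and
   returns how many releases hit the same context. */
static int releases_after_two_cleanups(void (*cleanup)(struct sasl_state *))
{
  struct mock_ctx backing = { 0 };
  struct sasl_state s = { &backing };
  cleanup(&s);
  cleanup(&s);
  return backing.release_count;
}

int main(void)
{
  printf("flawed:   %d\n", releases_after_two_cleanups(cleanup_flawed));
  printf("hardened: %d\n", releases_after_two_cleanups(cleanup_hardened));
  return 0;
}
```

With a real allocator, the second release in the flawed variant is the double free; the hardened variant turns the second call into a no-op.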

Affected Version(s)

curl 8.20.0

curl 8.19.0

curl 8.18.0

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Joshua Rogers (Aisle Research)
Viktor Szakats