SASL Authentication Vulnerability in Curl by cURL, Inc.
CVE-2026-8925
Currently unrated
What is CVE-2026-8925?
An issue has been identified in the curl logic that handles SASL authentication, where the GSASL context may be improperly managed. The flaw allows the context to be cleaned up multiple times without the pointer being reset, leading to a potential double free. This could cause instability in applications that rely on curl when using SASL for authentication.
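The cleanup pattern described above, as an added illustration that is not curl's or GNU SASL's source code: every type and function name here is hypothetical, and the release function is a mock that counts repeated releases instead of calling free() twice, so the flawed and corrected cleanup can be compared safely.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins, not curl's or GNU SASL's real types. */
struct mech_ctx { int released; };            /* plays the role of the GSASL context */
struct sasl_state { struct mech_ctx *ctx; };  /* owner that holds the context pointer */

static int double_releases;  /* releases of an already released context */

/* Mock release: with a real free() the second call would be a double free. */
static void ctx_release(struct mech_ctx *c) {
  if (c->released)
    double_releases++;
  c->released = 1;
}

/* Flawed cleanup: releases the context but leaves the stale pointer behind. */
static void cleanup_flawed(struct sasl_state *s) {
  if (s->ctx)
    ctx_release(s->ctx);
}

/* Corrected cleanup: idempotent, because the pointer is reset after release. */
static void cleanup_fixed(struct sasl_state *s) {
  if (s->ctx) {
    ctx_release(s->ctx);
    s->ctx = NULL;
  }
}

/* Runs a cleanup routine twice, as two teardown paths would, and
   returns how many repeated releases it caused (-1 on allocation failure). */
static int run_twice(void (*cleanup)(struct sasl_state *)) {
  struct mech_ctx *c = calloc(1, sizeof(*c));
  struct sasl_state s = { c };
  if (!c)
    return -1;
  double_releases = 0;
  cleanup(&s);
  cleanup(&s);
  free(c);  /* the only real free of the mock's backing storage */
  return double_releases;
}

int main(void) {
  printf("flawed: %d repeated release(s)\n", run_twice(cleanup_flawed));
  printf("fixed:  %d repeated release(s)\n", run_twice(cleanup_fixed));
  return 0;
}
```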
Affected Version(s)
curl 8.20.0
curl 8.19.0
curl 8.18.0
