Use-After-Free Vulnerability in libcurl Affects Multiple Applications
CVE-2026-9080
Currently unrated
What is CVE-2026-9080?
A use-after-free vulnerability exists in libcurl, triggered when curl_easy_pause() is called from within the event-based CURLMOPT_SOCKETFUNCTION callback. An attacker may be able to exploit the dangling struct pointer, potentially leading to arbitrary code execution or application instability. Updating libcurl and handling this callback correctly are crucial to mitigating the risk.
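A heuristic source check for the call pattern described above, added here as an example (it is not code from the curl project or from this advisory): it finds functions registered through CURLMOPT_SOCKETFUNCTION and reports direct curl_easy_pause() calls in their bodies. The C sample is constructed, the function names are hypothetical, and calls reached indirectly through helper functions are not detected.

```python
import re
# Matches: curl_multi_setopt(h, CURLMOPT_SOCKETFUNCTION, [cast] name)
REGISTER_RE = re.compile(r"CURLMOPT_SOCKETFUNCTION\s*,\s*(?:\([^)]*\)\s*)?&?\s*(\w+)")
PAUSE_RE = re.compile(r"\bcurl_easy_pause\s*\(")
NOISE_RE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"', re.S)

def blank_noise(src):
    """Blank comments and string literals, keeping offsets and newlines intact."""
    return NOISE_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)

def function_body(src, name):
    """Return (offset, text) of the brace-matched body of `name`, or None."""
    m = re.search(r"\b%s\s*\([^;{}]*\)\s*\{" % re.escape(name), src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return m.end(), src[m.end():i - 1]

def find_pause_in_socket_callbacks(source):
    """List (callback, line) for direct curl_easy_pause() calls in socket callbacks."""
    src = blank_noise(source)
    findings = []
    for name in sorted(set(REGISTER_RE.findall(src))):
        start, body = function_body(src, name) or (0, "")
        findings += [(name, src.count("\n", 0, start + m.start()) + 1)
                     for m in PAUSE_RE.finditer(body)]
    return findings

# Constructed sample input (hypothetical names, not taken from any real project).
SAMPLE = r'''
static int sock_cb(CURL *easy, curl_socket_t s, int what, void *userp, void *socketp)
{
    /* curl_easy_pause(easy, CURLPAUSE_ALL); inside a comment is ignored */
    if (what == CURL_POLL_IN)
        curl_easy_pause(easy, CURLPAUSE_RECV);
    return 0;
}
void setup(CURLM *multi)
{
    curl_multi_setopt(multi, CURLMOPT_SOCKETFUNCTION, sock_cb);
}
'''

if __name__ == "__main__":
    for name, line in find_pause_in_socket_callbacks(SAMPLE):
        print(f"line {line}: curl_easy_pause() called inside socket callback {name}()")
```

A hit is a prompt for manual review of the callback, not proof that the application is exploitable.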
Affected Version(s)
curl 8.20.0
curl 8.19.0
curl 8.18.0
