CVE-2026-10536
Discovered by AISLEPUBLISHEDCWE-416 Use After Free
Description
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and finally terminates the handle with `curl_easy_cleanup()`. During this final cleanup phase, libcurl attempts to access and modify an internal structure that was already freed during the reset operation.
Affected Products
| Vendor | Product | Version | Status |
|---|---|---|---|
| curl | curl | 8.20.0 | affected |
| curl | curl | 8.19.0 | — |
| curl | curl | 8.18.0 | — |
| curl | curl | 8.17.0 | — |
| curl | curl | 8.16.0 | — |
| curl | curl | 8.15.0 | — |
| curl | curl | 8.14.1 | — |
| curl | curl | 8.14.0 | — |
| curl | curl | 8.13.0 | — |
| curl | curl | 8.12.1 | — |
| curl | curl | 8.12.0 | — |
| curl | curl | 8.11.1 | — |
| curl | curl | 8.11.0 | — |
| curl | curl | 8.10.1 | — |
| curl | curl | 8.10.0 | — |
| curl | curl | 8.9.1 | — |
| curl | curl | 8.9.0 | — |
| curl | curl | 8.8.0 | — |
| curl | curl | 8.7.1 | — |
| curl | curl | 8.7.0 | — |
| curl | curl | 8.6.0 | — |
| curl | curl | 8.5.0 | — |
| curl | curl | 8.4.0 | — |
| curl | curl | 8.3.0 | — |
| curl | curl | 8.2.1 | — |
| curl | curl | 8.2.0 | — |
| curl | curl | 8.1.2 | — |
| curl | curl | 8.1.1 | — |
| curl | curl | 8.1.0 | — |
| curl | curl | 8.0.1 | — |
| curl | curl | 8.0.0 | — |
| curl | curl | 7.88.1 | — |
| curl | curl | 7.88.0 | — |
Credits
- Joshua Rogers (Aisle Research)(finder)
- Stefan Eissing(remediation developer)