CVE-2026-9080

Discovered by AISLEPUBLISHEDCWE-416 Use After Free

Description

Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed.

Affected Products

VendorProductVersionStatus
curlcurl8.20.0affected
curlcurl8.19.0
curlcurl8.18.0
curlcurl8.17.0
curlcurl8.16.0
curlcurl8.15.0
curlcurl8.14.1
curlcurl8.14.0
curlcurl8.13.0

Credits

  • Joshua Rogers (Aisle Research)(finder)
  • Daniel Stenberg(remediation developer)

References