CVE-2026-9080
Discovered by AISLEPUBLISHEDCWE-416 Use After Free
Description
Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed.
Affected Products
| Vendor | Product | Version | Status |
|---|---|---|---|
| curl | curl | 8.20.0 | affected |
| curl | curl | 8.19.0 | — |
| curl | curl | 8.18.0 | — |
| curl | curl | 8.17.0 | — |
| curl | curl | 8.16.0 | — |
| curl | curl | 8.15.0 | — |
| curl | curl | 8.14.1 | — |
| curl | curl | 8.14.0 | — |
| curl | curl | 8.13.0 | — |
Credits
- Joshua Rogers (Aisle Research)(finder)
- Daniel Stenberg(remediation developer)