Vulnerability Details CVE-2026-8925
The curl logic that works with SASL authentication could end up cleaning up
the GSASL context *twice* without clearing the pointer in between, making it
`free()` the same pointer twice.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 51.0%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2026-8925
-
cpe:2.3:a:haxx:curl:8.15.0
-
cpe:2.3:a:haxx:curl:8.16.0
-
cpe:2.3:a:haxx:curl:8.17.0
-
cpe:2.3:a:haxx:curl:8.18.0