CVE-2026-9080
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/07/2026
Last modified:
03/07/2026
Description
Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION`<br />
callback triggers a use-after-free vulnerability, where libcurl attempts to<br />
store a flag using a dangling struct pointer immediately after that pointer&#39;s<br />
memory has been freed.



