CVE-2026-9080

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/07/2026
Last modified:
03/07/2026

Description

Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION`<br /> callback triggers a use-after-free vulnerability, where libcurl attempts to<br /> store a flag using a dangling struct pointer immediately after that pointer&amp;#39;s<br /> memory has been freed.

Impact