CVE Catalog

CVE-2026-8925

Unknown
Published: Translated: NVD NIST

Summary

A double-free vulnerability has been found in the curl library's SASL authentication mechanism. The bug causes the GSASL context to be cleaned up twice without clearing the pointer, resulting in free() being called on the same memory region.

Risk Assessment

A double-free vulnerability can cause application crashes, data corruption, or potentially allow remote code execution by an attacker, posing a serious risk to the stability and security of systems using curl.

Recommendation

Immediately update the curl library to the latest version that includes a fix for the double-free in SASL handling. Before updating, consider limiting the use of SASL authentication in applications that rely on curl.

Original NVD description (English source)

The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it `free()` the same pointer twice.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS