CVE-2026-8925

Source
https://cve.org/CVERecord?id=CVE-2026-8925
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8925.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-8925
Aliases
Downstream
Related
Published
2026-07-03T06:15:25.448Z
Modified
2026-07-10T10:14:41.068964886Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
SASL double-free
Details

The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free() the same pointer twice.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "8.20.0"
                },
                {
                    "last_affected": "8.20.0"
                },
                {
                    "introduced": "8.19.0"
                },
                {
                    "last_affected": "8.19.0"
                },
                {
                    "introduced": "8.18.0"
                },
                {
                    "last_affected": "8.18.0"
                },
                {
                    "introduced": "8.17.0"
                },
                {
                    "last_affected": "8.17.0"
                },
                {
                    "introduced": "8.16.0"
                },
                {
                    "last_affected": "8.16.0"
                },
                {
                    "introduced": "8.15.0"
                },
                {
                    "last_affected": "8.15.0"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8925.json",
    "cna_assigner": "curl"
}
References

Affected packages

Git / github.com/curl/curl

Affected ranges

Type
GIT
Repo
https://github.com/curl/curl
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "8.15.0"
        },
        {
            "fixed": "8.21.0"
        }
    ]
}

Affected versions

Other
curl-8_15_0
curl-8_16_0
curl-8_17_0
curl-8_18_0
curl-8_19_0
curl-8_20_0
rc-8_18_0-1
rc-8_18_0-2
rc-8_18_0-3
rc-8_19_0-1
rc-8_19_0-2
rc-8_19_0-3
rc-8_20_0-1
rc-8_20_0-2
rc-8_20_0-3
rc-8_21_0-1
rc-8_21_0-2
rc-8_21_0-3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8925.json"