Vulnerability in Curl

CVE-2026-8925

The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it `free()` the same pointer twice.

Affected products

  • Curl — versions 8.20.0, 8.19.0, 8.18.0

References