Vulnerability in Curl
CVE-2026-8925
The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it `free()` the same pointer twice.
Affected products
- Curl — versions 8.20.0, 8.19.0, 8.18.0