Vulnerability in Curl
CVE-2026-9546
A vulnerability in libcurl caused the HTTP `Referer:` header to persist even when explicitly cleared. While the documentation states that passing NULL to `CURLOPT_REFERER` suppresses the header, the option failed to clear the internal stat…
Affected products
- Curl — versions 8.20.0, 8.19.0, 8.18.0