canonical ubuntu-linux CVE-2026-8924 in Canonical and Haxx Products
Published on July 3, 2026

trailing dot domain super cookie

product logo product logo
A flaw in curls cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains.

NVD


Products Associated with CVE-2026-8924

stack.watch emails you whenever new vulnerabilities are published in Canonical Ubuntu Linux or Haxx Curl. Just hit a watch button to start following.

 
 

Affected Versions

curl: