canonical ubuntu-linux CVE-2026-8925 in Canonical and Haxx Products
Published on July 3, 2026

SASL double-free

product logo product logo
The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it `free()` the same pointer twice.

NVD


Products Associated with CVE-2026-8925

stack.watch emails you whenever new vulnerabilities are published in Canonical Ubuntu Linux or Haxx Curl. Just hit a watch button to start following.

 
 

Affected Versions

curl: