libcurl UAF via curl_easy_pause() in SOCKETFUNCTION
CVE-2026-9080 Published on July 3, 2026
UAF after pause in socket callback
Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION`
callback triggers a use-after-free vulnerability, where libcurl attempts to
store a flag using a dangling struct pointer immediately after that pointer's
memory has been freed.
Products Associated with CVE-2026-9080
stack.watch emails you whenever new vulnerabilities are published in Canonical Ubuntu Linux or Haxx Curl. Just hit a watch button to start following.
Affected Versions
curl:- Version 8.20.0, <= 8.20.0 is affected.
- Version 8.19.0, <= 8.19.0 is affected.
- Version 8.18.0, <= 8.18.0 is affected.
- Version 8.17.0, <= 8.17.0 is affected.
- Version 8.16.0, <= 8.16.0 is affected.
- Version 8.15.0, <= 8.15.0 is affected.
- Version 8.14.1, <= 8.14.1 is affected.
- Version 8.14.0, <= 8.14.0 is affected.
- Version 8.13.0, <= 8.13.0 is affected.