Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-8925

The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it `free()` the same pointer twice.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 51.0%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2026-8925
  • Haxx » Curl » Version: 8.15.0
    cpe:2.3:a:haxx:curl:8.15.0
  • Haxx » Curl » Version: 8.16.0
    cpe:2.3:a:haxx:curl:8.16.0
  • Haxx » Curl » Version: 8.17.0
    cpe:2.3:a:haxx:curl:8.17.0
  • Haxx » Curl » Version: 8.18.0
    cpe:2.3:a:haxx:curl:8.18.0


Contact Us

Shodan ® - All rights reserved