CVE-2026-8925 in cURLinfo

Summary

by MITRE • 07/03/2026

The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it `free()` the same pointer twice.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/04/2026

This vulnerability resides within the curl library's implementation of Simple Authentication and Security Layer authentication mechanisms, specifically affecting the handling of GNU SASL (GSASL) contexts during authentication cleanup operations. The flaw represents a classic double-free memory corruption issue that occurs when the application attempts to release the same memory location twice, potentially leading to arbitrary code execution or denial of service conditions. The vulnerability manifests when curl processes SASL authentication sequences and encounters specific error conditions or authentication flow paths that trigger the improper cleanup routine.

The technical implementation flaw stems from inadequate pointer management within the GSASL context cleanup logic where the application fails to properly nullify the context pointer after the initial free operation. This oversight creates a scenario where subsequent cleanup attempts reference already freed memory, resulting in undefined behavior and potential exploitation opportunities. The vulnerability specifically impacts curl versions that utilize GSASL for authentication protocols such as SMTP, POP3, IMAP, and other services supporting SASL mechanisms. According to CWE-415, this represents an improper cleanup of memory resources where the same memory is freed twice, while the ATT&CK framework categorizes this under privilege escalation through memory corruption techniques.

The operational impact of this vulnerability extends beyond simple denial of service scenarios, as it could enable remote attackers to execute arbitrary code on systems running vulnerable curl implementations. Attackers could potentially exploit this weakness by crafting malicious authentication responses or by manipulating network conditions that trigger the specific error paths leading to double-free execution. Systems utilizing curl for email clients, web scraping applications, or any service requiring SASL authentication are at risk, particularly when these applications process untrusted authentication data from remote servers. The vulnerability is especially concerning in environments where curl is used as a library component within larger applications, as the memory corruption could affect application stability and potentially provide foothold for further exploitation.

Mitigation strategies should prioritize immediate patching of affected curl versions to address the double-free condition through proper pointer management and nullification after first free operations. Organizations should implement network segmentation and monitoring to detect unusual authentication patterns that might indicate exploitation attempts, while also applying runtime protections such as address space layout randomization and stack canaries. System administrators should conduct comprehensive inventory assessments to identify all systems utilizing vulnerable curl versions, particularly those handling email protocols or other services requiring SASL authentication. Additionally, implementing proper input validation and authentication response handling can help reduce the attack surface by preventing malformed authentication sequences from reaching the vulnerable code paths that trigger the double-free condition.

Responsible

Curl

Reservation

05/19/2026

Disclosure

07/03/2026

Moderation

accepted

CPE

ready

EPSS

0.01080

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!