ГлавнаяУязвимости → CVE-2026-9080
7.3высокая

CVE-2026-9080

Описание

Calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback triggers a use-after-free vulnerability, where libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed.

Затрагиваемое ПО
Haxx Curl
CVSS
Балл7.3 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Источники
https://curl.se/docs/CVE-2026-9080.htmlhttps://curl.se/docs/CVE-2026-9080.jsonhttps://hackerone.com/reports/3749204https://hackerone.com/reports/3749204