Skip to content
CVSS 9.8 · CRITICAL

CVE-2026-10536

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and finally terminates the handle with `curl_easy_cleanup()`. During this final cleanup phase, libcurl attempts to access and modify an internal structure that was already freed during the reset operation.

Ver en NVD

Análisis

A critical use-after-free vulnerability has been discovered in libcurl (curl) affecting HTTP/2 stream-dependency handling. If your application uses curl_easy_reset in conjunction with stream dependencies, it could trigger memory corruption during cleanup. Given libcurl's role as core infrastructure for most software stacks, developers should verify and update their versions.

Roles relevantes

BackendLinuxCC++CyberSecurityCloud

Severidad

Puntaje: 9.8(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH

EPSS

Probabilidad de explotación (próx. 30 días): 0.0021 (0.2%)
Percentil: 10.8%
EPSS: 2026-07-06

Descripción técnica

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and finally terminates the handle with `curl_easy_cleanup()`. During this final cleanup phase, libcurl attempts to access and modify an internal structure that was already freed during the reset operation.

Publicada: 3/7/2026, 7:16:23
Última modificación: 6/7/2026, 19:16:54

Referencias

InicioEventosBlogRecursosEquipo