PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-9080 curl CVE debrief

CVE-2026-9080 is a use-after-free vulnerability in libcurl, occurring when calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback. This triggers a use-after-free vulnerability because libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed. The vulnerability has been assigned a CVSS score of 7.3 and a severity of HIGH. Users of libcurl, particularly those using version 8.13.0 up to but not including 8.21.0, should be aware of this vulnerability and take steps to mitigate it. Affected product deployments require review, and compensating controls should be considered while remediation is planned.

Vendor
curl
Product
Unknown
CVSS
HIGH 7.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-03
Original CVE updated
2026-07-07
Advisory published
2026-07-03
Advisory updated
2026-07-07

Who should care

Users of libcurl, particularly those using version 8.13.0 up to but not including 8.21.0, should be aware of this vulnerability and take steps to mitigate it. This includes reviewing system configurations, checking for affected deployments, and applying patches or mitigations as available. Security teams and operators should prioritize this vulnerability due to its HIGH severity and potential impact on system security.

Technical summary

The vulnerability occurs when calling `curl_easy_pause()` within the event-based `CURLMOPT_SOCKETFUNCTION` callback, triggering a use-after-free vulnerability. libcurl attempts to store a flag using a dangling struct pointer immediately after that pointer's memory has been freed. This issue affects libcurl version 8.13.0 up to but not including 8.21.0. Users should review their deployments for affected versions and apply mitigations or patches as available.

Defensive priority

High

Recommended defensive actions

  • Apply the patch provided by the vendor
  • Update to a version of libcurl that is not vulnerable
  • Monitor for any suspicious activity
  • Review and update any affected systems or applications
  • Perform an inventory of systems using libcurl
  • Review compensating controls for exposed systems
  • Track exceptions and retest remediated assets

Evidence notes

The CVE record was published on 2026-07-03T07:16:25.713Z and was last modified on 2026-07-07T15:05:26.530Z. The NVD entry is currently Analyzed. Evidence is limited to CVE and NVD data. Defenders should verify system configurations, review for affected deployments, and monitor for suspicious activity related to libcurl usage.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-03T07:16:25.713Z and has not been modified since then. The NVD entry is currently Analyzed.