PT-2026-51739 · Git · Curl
Published
2026-06-24
·
Updated
2026-06-24
·
CVE-2026-10536
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
A use-after-free vulnerability exists in libcurl when an application
configures an HTTP/2 stream-dependency tree via
CURLOPT STREAM DEPENDS or
CURLOPT STREAM DEPENDS E, subsequently invokes curl easy reset(), and
finally terminates the handle with curl easy cleanup(). During this final
cleanup phase, libcurl attempts to access and modify an internal structure
that was already deallocated during the reset operation.Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Curl