A vulnerability labeled as critical has been found in cURL up to 8.20.0. Affected is the function
free. Executing a manipulation can lead to double free.
This vulnerability appears as CVE-2026-8925. The attack may be performed from remote. There is no available exploit.