configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or
`CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and
finally terminates the handle with `curl_easy_cleanup()`. During this final
cleanup phase, libcurl attempts to access and modify an internal structure
that was already freed during the reset operation.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Sat, 04 Jul 2026 05:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-416 |
Fri, 03 Jul 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-416 |
Fri, 03 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-416 |
Fri, 03 Jul 2026 08:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Curl
Curl curl |
|
| Vendors & Products |
Curl
Curl curl |
Fri, 03 Jul 2026 06:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and finally terminates the handle with `curl_easy_cleanup()`. During this final cleanup phase, libcurl attempts to access and modify an internal structure that was already freed during the reset operation. | |
| Title | HTTP/2 stream-dependency tree UAF | |
| References |
|
Status: PUBLISHED
Assigner: curl
Published:
Updated: 2026-07-03T06:11:15.378Z
Reserved: 2026-06-01T11:49:55.548Z
Link: CVE-2026-10536
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-04T05:00:15Z