CVE-2026-8924
CVE-2026-8924CVE-2026-8924
Description
A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set
'super cookies' that bypass the Public Suffix List check. This enables an
attacker-controlled origin to inject cookies that curl subsequently scopes and
transmits to unrelated third-party domains.
Scoring
| Last modified | 2026-07-03 |