CVE-2026-8924
A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This e
CVSS
9.1
Crítico
EPSS
0.6%
p47
KEV
—
Exploit Today
14
0-100
Publicado: 3 jul 2026 · Última mod.: 7 jul 2026
0.2%EPSS · 30 días0.6%
2026-07-042026-07-17
A flaw in curl’s cookie parsing logic allows a malicious HTTP server to set 'super cookies' that bypass the Public Suffix List check. This enables an attacker-controlled origin to inject cookies that curl subsequently scopes and transmits to unrelated third-party domains.
Sin CVEs relacionados por CWE o producto.