The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing the pointer in between, making it `free()` the same pointer twice.CreditsJoshua Rogers (Aisle Research)Viktor SzakatsReferenceshttps://curl.se/docs/CVE-2026-8925.jsonhttps://curl.se/docs/CVE-2026-8925.htmlhttps://hackerone.com/reports/3735193