curl: CVE-2026-10536: HTTP/2 stream-dependency tree UAF
Use-after-free in curleasyreset with HTTP/2 stream-dependency tree Hi all, We've found an issue in lib/easy.c where curleasyreset bypasses dataprioritycleanup before clearing data-set, leaving the HTTP/2 stream-dependency tree with dangling pointers to the reset handle. The current curleasyreset ...