curl: CVE-2026-9546: sending old referer
Summary: libcurl documents that CURLOPTREFERER can be set to NULL to disable the Referer header again, but doing so after a transfer does not clear the cached per-handle referer state. As a result, the next HTTP request on the same easy handle can still send the previous request's Referer: value ...