Description
When doing a second SMB request to the same host again, curl would wrongly use
a data pointer pointing into already freed memory.
Published: 2026-03-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

The vulnerability is a classic use‑after‑free condition in the curl library. According to the vendor description, during a second SMB request to the same host, curl incorrectly reuses a data pointer that references memory that has already been freed, leading to a use‑after‑free (CWE‑416). This memory corruption can allow an attacker to influence program behavior, potentially resulting in arbitrary code execution or denial of service by corrupting critical data structures.

Affected Systems

The affected product is curl, listed under the haxx vendor (cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*). No specific version range is provided in the data, so any instance of curl that performs an SMB connection reuse could be susceptible. System administrators should consider all installations that use curl for SMB operations vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score is 7.5, indicating a high severity, while the EPSS score is below 1 %, suggesting a low probability of widespread exploitation. The vulnerability is not currently listed in the CISA KEV catalog. Exploitation would require an attacker to get a vulnerable curl instance to perform a second SMB request to the same host; the attack vector is remote, as the flaw occurs entirely within the client library during SMB communication.

Generated by OpenCVE AI on March 17, 2026 at 16:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade your curl installation to the latest stable release that contains the CVE‑2026‑3805 fix.
  • If an upgrade is not immediately possible, consult the curl project website, support forums, or advisories for a patch or advisory on work‑arounds.
  • Until a patched version is available, avoid reusing SMB connections in curl programs; use a fresh handle or close the connection after each SMB operation.

Generated by OpenCVE AI on March 17, 2026 at 16:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8084-1 curl vulnerabilities
History

Fri, 13 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-825
References
Metrics threat_severity

None

 threat_severity

Moderate

Thu, 12 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Haxx
Haxx curl
CPEs cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
Vendors & Products Haxx
Haxx curl

Thu, 12 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Curl
Curl curl
Vendors & Products Curl
Curl curl

Wed, 11 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 11:30:00 +0000

Type Values Removed Values Added
References

Wed, 11 Mar 2026 10:30:00 +0000

Type Values Removed Values Added
Description When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.
Title use after free in SMB connection reuse
References

Subscriptions

Curl Curl
Haxx Curl
cve-icon MITRE

Status: PUBLISHED

Assigner: curl

Published:

Updated: 2026-03-11T15:45:38.820Z

Reserved: 2026-03-08T16:07:39.817Z

Link: CVE-2026-3805

cve-icon Vulnrichment

Updated: 2026-03-11T10:16:34.391Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-11T11:16:00.967

Modified: 2026-03-12T14:08:56.790

Link: CVE-2026-3805

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-11T10:09:37Z

Links: CVE-2026-3805 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T14:37:23Z

Weaknesses