What is the CVSS score of CVE-2026-3805?

CVE-2026-3805 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Curl are affected by CVE-2026-3805?

CVE-2026-3805 is a memory safety vulnerability in curl that could allow attackers to execute arbitrary code or cause denial of service when making consecutive SMB requests.. A patch is available.

Is there a public PoC exploit available for CVE-2026-3805?

Yes, a public proof-of-concept exploit is available for CVE-2026-3805. Prioritise patching immediately. EPSS: 0.0%.

Curl CVE-2026-3805

HIGH

Use After Free (CWE-416)

2026-03-11 2499f714-1537-4658-8207-48ae4bb9eae9

Use After Free Red Hat Curl Suse

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 12, 2026 - 14:08 vuln.today

Public exploit code

Patch released

Mar 12, 2026 - 14:08 nvd

Patch available

CVE Published

Mar 11, 2026 - 11:16 nvd

HIGH 7.5

DescriptionNVD

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.

AnalysisAI

Curl's SMB implementation contains a use-after-free vulnerability that causes denial of service when processing consecutive requests to the same host, as the library incorrectly dereferences freed memory on subsequent connections. Public exploit code exists for this vulnerability affecting Curl installations. …

RemediationAI

Within 24 hours: Identify all systems running affected curl versions and assess SMB usage in production environments. Within 7 days: Apply the available patch to all curl installations, prioritizing systems handling sensitive data or critical infrastructure. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory