Is Use After Free affected by CVE-2026-3805?

CVE-2026-3805 is a memory safety vulnerability in curl that could allow attackers to execute arbitrary code or cause denial of service when making consecutive SMB requests.

CVE-2026-3805

HIGH

2026-03-11 2499f714-1537-4658-8207-48ae4bb9eae9

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 12, 2026 - 14:08 vuln.today

Public exploit code

Patch Released

Mar 12, 2026 - 14:08 nvd

Patch available

CVE Published

Mar 11, 2026 - 11:16 nvd

HIGH 7.5

Description

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.

Analysis

Curl's SMB implementation contains a use-after-free vulnerability that causes denial of service when processing consecutive requests to the same host, as the library incorrectly dereferences freed memory on subsequent connections. Public exploit code exists for this vulnerability affecting Curl installations. …

Remediation

Within 24 hours: Identify all systems running affected curl versions and assess SMB usage in production environments. Within 7 days: Apply the available patch to all curl installations, prioritizing systems handling sensitive data or critical infrastructure. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: +20

CVE-2026-3805 vulnerability details – vuln.today

Back

CVE-2026-3805

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-3805

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code