CVE-2026-3805
Published: 11 March 2026
Summary
CVE-2026-3805 is a high-severity Use After Free (CWE-416) vulnerability in Haxx Curl. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 9.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2026-3805 is a use-after-free vulnerability (CWE-416) in the curl library, published on 2026-03-11. It arises when curl processes a second SMB request to the same host, incorrectly using a data pointer that references already freed memory. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its potential for high-impact denial of service due to availability disruption without confidentiality or integrity effects.
A network-accessible attacker can exploit this remotely without privileges or user interaction. By controlling an SMB server and inducing a curl-using application to issue a second SMB request to that host—such as through crafted network traffic or application inputs—the attacker triggers memory corruption, typically causing the application to crash and resulting in denial of service.
Official advisories from the curl project detail mitigations, including patches for affected versions, at https://curl.se/docs/CVE-2026-3805.html and https://curl.se/docs/CVE-2026-3805.json. Further technical discussion appears in the HackerOne disclosure report at https://hackerone.com/reports/3591944 and the oss-security mailing list announcement at http://www.openwall.com/lists/oss-security/2026/03/11/4. Security practitioners should review these resources promptly for upgrade guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-11141
Vulnerability details
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Use-after-free in curl's SMB handling causes memory corruption and application crash on a second request to a malicious server, directly enabling remote DoS via application exploitation (T1499.004) with no other impacts or behaviors indicated.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely flaw remediation requires patching the curl library to eliminate the use-after-free vulnerability during second SMB requests.
Memory protection safeguards like ASLR and DEP mitigate exploitation of the use-after-free bug by preventing reliable memory corruption leading to crashes.
Vulnerability scanning identifies deployed vulnerable curl versions affected by this SMB-related use-after-free flaw.