Cyber Resilience

CVE-2026-3805

HighPublic PoC

Published: 11 March 2026

Published
11 March 2026
Modified
12 March 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0003 9.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-3805 is a high-severity Use After Free (CWE-416) vulnerability in Haxx Curl. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 9.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2026-3805 is a use-after-free vulnerability (CWE-416) in the curl library, published on 2026-03-11. It arises when curl processes a second SMB request to the same host, incorrectly using a data pointer that references already freed memory. The issue carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its potential for high-impact denial of service due to availability disruption without confidentiality or integrity effects.

A network-accessible attacker can exploit this remotely without privileges or user interaction. By controlling an SMB server and inducing a curl-using application to issue a second SMB request to that host—such as through crafted network traffic or application inputs—the attacker triggers memory corruption, typically causing the application to crash and resulting in denial of service.

Official advisories from the curl project detail mitigations, including patches for affected versions, at https://curl.se/docs/CVE-2026-3805.html and https://curl.se/docs/CVE-2026-3805.json. Further technical discussion appears in the HackerOne disclosure report at https://hackerone.com/reports/3591944 and the oss-security mailing list announcement at http://www.openwall.com/lists/oss-security/2026/03/11/4. Security practitioners should review these resources promptly for upgrade guidance.

EU & UK References

Vulnerability details

When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Use-after-free in curl's SMB handling causes memory corruption and application crash on a second request to a malicious server, directly enabling remote DoS via application exploitation (T1499.004) with no other impacts or behaviors indicated.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-6276Same product: Haxx Curl
CVE-2026-5773Same product: Haxx Curl
CVE-2026-6759Shared CWE-416
CVE-2026-28799Shared CWE-416
CVE-2026-24684Shared CWE-416
CVE-2026-8336Shared CWE-416
CVE-2026-24683Shared CWE-416
CVE-2024-56772Shared CWE-416
CVE-2025-63652Shared CWE-416
CVE-2026-23351Shared CWE-416

Affected Assets

haxx
curl
8.13.0 — 8.19.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely flaw remediation requires patching the curl library to eliminate the use-after-free vulnerability during second SMB requests.

prevent

Memory protection safeguards like ASLR and DEP mitigate exploitation of the use-after-free bug by preventing reliable memory corruption leading to crashes.

detect

Vulnerability scanning identifies deployed vulnerable curl versions affected by this SMB-related use-after-free flaw.

References