Home / Vulnerability Intelligence / CVE-2026-3805

CVE-2026-3805 - Vulnerability Analysis

HighCVSS: 7.5

Last Updated: March 12, 2026

curl - Use After Free

Published: March 11, 2026Updated: March 12, 2026PoC AvailableRemote Exploitable

Overview

curl contains a use after free vulnerability caused by reuse of a data pointer pointing to already freed memory during a second SMB request to the same host, letting attackers cause memory corruption or crash, exploit requires crafted SMB requests.

Severity & Score

Severity: High

CVSS Score: 7.5

EPSS Score: 3.9%(Probability of exploitation in next 30 days)

Impact

Attackers can cause memory corruption or application crash, potentially leading to denial of service or code execution.

Mitigation

Update to the latest version of curl.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 11, 2026

🟠 CVE-2026-3805 - High (7.5) When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3805/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-3805
Severity: High
CVSS Score: 7.5
Type: use_after_free
Status: confirmed
EPSS: 3.9%
Social Posts: 1

CWE

CWE-416

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

3.9%Probability of exploitation in the next 30 days