CVE-2026-3805
HIGH
curl 8.13.0-8.18.9 - Use-After-Free in SMB Request Handling
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2026-3805. PoCs published by Rat5ak.
AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2026-3805, a use-after-free vulnerability in libcurl's SMB protocol handler. It includes root cause analysis, patch details, and reproduction steps.
Description
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.
Exploits (1)
nomisec
WRITEUP
by Rat5ak · poc
https://github.com/Rat5ak/CVE-2026-3805-curl-SMB-UAF
Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target:
libcurl (curl 8.13.0 through 8.18.0)
No auth needed
Prerequisites:
SMB enabled in curl build · NTLM core available · 64-bit off_t
devstral-2 · analyzed Apr 12, 2026
References (4)
Core References
Various Sources
https://curl.se/docs/CVE-2026-3805.html
Various Sources
https://curl.se/docs/CVE-2026-3805.json
Third Party Advisory
https://hackerone.com/reports/3591944
Scores
CVSS v3
7.5
EPSS
0.0072
EPSS Percentile
48.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-416
Status
published
Products (1)
haxx/curl
8.13.0 - 8.19.0
Published
Mar 11, 2026
Tracked Since
Mar 11, 2026