Platform: curl
Component: curl
Fixed in: 8.18.1 (the listing also carries one 8.14.1 entry)
CVE-2026-3805 describes a Use-After-Free vulnerability discovered in curl. This flaw can lead to memory corruption when curl handles subsequent SMB requests to the same host. The vulnerability affects versions 8.13.0 through 8.18.0, and a fix is available in version 8.18.1. Prompt patching is recommended to prevent potential exploitation.
The Use-After-Free vulnerability in curl allows an attacker to potentially trigger a denial-of-service (DoS) condition or, in more severe scenarios, achieve arbitrary code execution. By crafting malicious SMB requests, an attacker could manipulate curl's memory management, leading to crashes or the ability to overwrite critical data. Successful exploitation could allow an attacker to gain control of the system running curl, especially if curl is integrated into a larger application or service. The impact is amplified in environments where curl is used to interact with SMB servers, such as file transfer or network automation scripts.
CVE-2026-3805 was publicly disclosed on 2026-03-11. There is currently no information available regarding active exploitation campaigns or public proof-of-concept (PoC) code. The vulnerability has not been added to the CISA KEV catalog. Further monitoring is recommended to assess the potential for exploitation.
Exploit Status
EPSS: 0.04% (12th percentile)
The primary mitigation for CVE-2026-3805 is to upgrade to curl version 8.18.1 or later. If an immediate upgrade is not feasible, consider temporary workarounds such as restricting SMB connections to trusted hosts or applying stricter validation to SMB requests. WAF rules can be configured to filter out potentially malicious SMB request patterns. Monitor curl's memory usage for unusual spikes, which could indicate exploitation attempts. After upgrading, confirm the fix by sending a series of SMB requests to the same host and verifying that no crashes or memory errors occur.
Update the curl library to version 8.18.1 or later. This update fixes a use-after-free vulnerability that could allow arbitrary code execution. Ensure you restart any services that use the curl library after the update.
CVE-2026-3805 is a Use-After-Free vulnerability affecting curl versions 8.13.0 through 8.18.0. It arises from improper memory handling when making subsequent SMB requests to the same host, potentially leading to crashes or code execution.
If you are using curl versions 8.13.0 through 8.18.0, you are potentially affected. Check your curl version with `curl --version` and upgrade if necessary.
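The version check above, as an added shell example that is not part of this advisory: it parses a `curl --version` banner, tests the version against the affected range 8.13.0 through 8.18.0, and also looks at the `Protocols:` line, since a build without SMB support never reaches the affected code path. The sample banners are constructed for illustration; the classification labels are this example's own.

```shell
#!/bin/sh
# Added example, not from the advisory. Classifies a `curl --version`
# banner for CVE-2026-3805 (affected range 8.13.0 through 8.18.0).

# Encode "X.Y.Z" as a single integer so versions compare numerically.
# Assumes three numeric components; any suffix after them is ignored.
vernum() {
  set -- $(printf '%s\n' "$1" | tr '.' ' ')
  echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# $1: full multi-line output of `curl --version`.
# Prints one of: vulnerable | affected-version-no-smb | outside-range | unknown
classify_curl() {
  ver=$(printf '%s\n' "$1" | sed -n '1s/^curl \([0-9][0-9.]*\).*/\1/p')
  [ -n "$ver" ] || { echo "unknown"; return 1; }
  protos=$(printf '%s\n' "$1" | sed -n 's/^Protocols: *//p')
  n=$(vernum "$ver")
  if [ "$n" -lt "$(vernum 8.13.0)" ] || [ "$n" -gt "$(vernum 8.18.0)" ]; then
    echo "outside-range"; return 0
  fi
  # In range: only builds with smb/smbs enabled expose the SMB code path.
  case " $protos " in
    *" smb "*|*" smbs "*) echo "vulnerable" ;;
    *) echo "affected-version-no-smb" ;;
  esac
}

# Constructed sample banners (not real build output).
SAMPLE_VULN='curl 8.17.0 (x86_64-pc-linux-gnu) libcurl/8.17.0 OpenSSL/3.0.2
Release-Date: 2025-12-01
Protocols: dict file ftp ftps http https smb smbs
Features: SSL'
SAMPLE_FIXED='curl 8.18.1 (x86_64-pc-linux-gnu) libcurl/8.18.1 OpenSSL/3.0.2
Protocols: dict file ftp ftps http https smb smbs'
SAMPLE_NOSMB='curl 8.15.0 (aarch64-apple-darwin) libcurl/8.15.0
Protocols: dict file ftp ftps http https'

# Run against the constructed samples, then the local curl if present.
for b in "$SAMPLE_VULN" "$SAMPLE_FIXED" "$SAMPLE_NOSMB"; do
  printf '%s -> %s\n' "$(printf '%s\n' "$b" | head -n1)" "$(classify_curl "$b")"
done
if command -v curl >/dev/null 2>&1; then
  printf 'local curl -> %s\n' "$(classify_curl "$(curl --version)")"
fi
```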
Upgrade to curl version 8.18.1 or later to resolve the vulnerability. If immediate upgrade is not possible, consider temporary workarounds like restricting SMB connections.
As of now, there is no confirmed information about active exploitation of CVE-2026-3805. However, it's crucial to apply the patch promptly to mitigate potential risks.
Refer to the official curl security advisory for detailed information and updates regarding CVE-2026-3805: [https://curl.se/security/advisories](https://curl.se/security/advisories)