Vulnerability Details CVE-2026-3805
When doing a second SMB request to the same host again, curl would wrongly use
a data pointer pointing into already freed memory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.4%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2026-3805
-
cpe:2.3:a:haxx:curl:8.13.0
-
cpe:2.3:a:haxx:curl:8.14.0
-
cpe:2.3:a:haxx:curl:8.14.1
-
cpe:2.3:a:haxx:curl:8.15.0
-
cpe:2.3:a:haxx:curl:8.16.0
-
cpe:2.3:a:haxx:curl:8.17.0
-
cpe:2.3:a:haxx:curl:8.18.0