Curl SMB Connection Reuse Vulnerability: Data Leak

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

Curl SMB Connection Reuse Vulnerability: Data Leak

CVE-2026-3805 CURL-CVE-2026-3805

Summary

Curl, a popular tool for transferring data over networks, has a weakness when reusing SMB connections. This means that sensitive data may be exposed when reconnecting to the same server. Update to the latest version of Curl to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
haxx	curl	> 8.13.0 , <= 8.19.0	–

Original title

use after free in SMB connection reuse

Original description

When doing a second SMB request to the same host again, curl would wrongly use
a data pointer pointing into already freed memory.

Vulnerability type

CWE-416 Use After Free

https://curl.se/docs/CVE-2026-3805.html
https://curl.se/docs/CVE-2026-3805.json
https://hackerone.com/reports/3591944
http://www.openwall.com/lists/oss-security/2026/03/11/4

Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026