When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory.

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f13d888b0f advisory.

    - Fix bad reuse of HTTP Negotiate connection (CVE-2026-1965)
    - Fix token leak with redirect and netrc (CVE-2026-3783)
    - Fix wrong proxy connection reuse with credentials (CVE-2026-3784)
    - Fix use after free in SMB connection reuse (CVE-2026-3805)

    ----

    -  Fix `Could not find digest algorithm UNDEF (NID 0)`

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-66db242036 advisory.

    - Fix bad reuse of HTTP Negotiate connection (CVE-2026-1965)
    - Fix token leak with redirect and netrc (CVE-2026-3783)
    - Fix wrong proxy connection reuse with credentials (CVE-2026-3784)
    - Fix use after free in SMB connection reuse (CVE-2026-3805)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-907bbf2a13 advisory.

    - fix bad reuse of HTTP Negotiate connection (CVE-2026-1965)
    - fix token leak with redirect and netrc (CVE-2026-3783)
    - fix wrong proxy connection reuse with credentials (CVE-2026-3784)
    - fix use after free in SMB connection reuse (CVE-2026-3805)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of the Tenable Identity Exposure running on the remote host is prior to 3.77.17. It is, therefore, affected by multiple vulnerabilities according to advisory TNS-2026-11:

  - A flaw in Node.js's Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write     restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script     granted access only to the current directory can escape the allowed path and read sensitive files. This     breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential     system compromise. (CVE-2025-55130)

  - Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate     privileges over a network. (CVE-2026-26115)

  - Improper access control in Curl allows an authorized attacker to elevate privileges over a network.
    (CVE-2026-21262)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0911-1 advisory.

    - CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
    - CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
    - CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
    - CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0903-1 advisory.

    - CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
    - CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
    - CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
    - CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of curl installed on the remote host is 8.13.0 prior to 8.19.0 . It is, therefore, affected by a use after free in SMB connection vulnerability:

  - When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing     into already freed memory. (CVE-2026-3805)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update of the curl package has been released.

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8084-1 advisory.

    Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate-     authenticated HTTP or HTTPS requests. This could result in the use of credentials from a different     connection, contrary to expectations. (CVE-2026-1965)

    It was discovered that curl incorrectly leaked OAuth2 bearer tokens when following a redirect. This could     result in tokens being sent to the wrong host, contrary to expectations. (CVE-2026-3783)

    Muhamad Arga Reksapati discovered that curl incorrectly reused existing HTTP proxy connections even if the     request used different credentials. This could result in the use of incorrect credentials, contrary to     expectations. (CVE-2026-3784)

    Daniel Wade discovered that curl incorrectly handled certain memory operations when doing a second SMB     request to the same host. An attacker could use this issue to cause curl to crash, resulting in a denial     of service, or possibly execute arbitrary code. This issue only affected Ubuntu 25.10. (CVE-2026-3805)

    Yihang Zhou discovered that curl incorrectly reused .netrc file credentials when following redirects. This     could result in the use of credentials for a different host, contrary to expectations. This issue only     affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-0167)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0885-1 advisory.

    - CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
    - CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
    - CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
    - CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1933737d-1d46-11f1-81da-8447094a420f advisory.

    The curl project reports:

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing     into already freed memory. (CVE-2026-3805)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
310432	Fedora 44 : curl (2026-f13d888b0f)	Nessus	Fedora Local Security Checks	medium
307656	Fedora 43 : curl (2026-66db242036)	Nessus	Fedora Local Security Checks	medium
307482	Fedora 42 : curl (2026-907bbf2a13)	Nessus	Fedora Local Security Checks	medium
307436	Tenable Identity Exposure < 3.77.17 Multiple Vulnerabilities (TNS-2026-11)	Nessus	Misc.	high
303012	SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2026:0911-1)	Nessus	SuSE Local Security Checks	medium
302846	SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2026:0903-1)	Nessus	SuSE Local Security Checks	medium
302777	Curl 8.13.0 < 8.19.0 Use After Free in SMB Connection	Nessus	Misc.	high
302753	Photon OS 5.0: Curl PHSA-2026-5.0-0785	Nessus	PhotonOS Local Security Checks	medium
302211	Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : curl vulnerabilities (USN-8084-1)	Nessus	Ubuntu Local Security Checks	medium
302096	SUSE SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2026:0885-1)	Nessus	SuSE Local Security Checks	medium
301882	FreeBSD : curl -- Multiple vulnerabilties (1933737d-1d46-11f1-81da-8447094a420f)	Nessus	FreeBSD Local Security Checks	medium
301854	Linux Distros Unpatched Vulnerability : CVE-2026-3805	Nessus	Misc.	high

Detections

Analytics

CVE-2026-3805

high

Tenable Plugins

medium

medium

medium

high

medium

medium

high

medium

medium

medium

medium

high