6.5
CVE-2026-3784
- EPSS 0.3%
- Veröffentlicht 11.03.2026 10:09:21
- Zuletzt bearbeitet 02.06.2026 14:16:52
- Quelle 2499f714-1537-4658-8207-48ae4b
- CVE-Watchlists
- Unerledigt
wrong proxy connection reuse with credentials
curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.216 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-305 Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
https://curl.se/docs/CVE-2026-3784.json
https://curl.se/docs/CVE-2026-3784.html
https://hackerone.com/reports/3584903
http://www.openwall.com/lists/oss-security/2026/03/11/3
https://cert-portal.siemens.com/productcert/html/ssa-253495.html