VDB

CISA-2026-3784

CISA-2026-3784 PUBLISHED CVSS 6.5 MEDIUM

Reported by curl · Published March 11, 2026

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products

VendorProductVersions
curlcurl8.18.0, 8.17.0, 8.16.0
curlcurl8.18.0, 8.17.0, 8.16.0

Timeline

  • Mar 11, 2026 CVE Published
  • Mar 11, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›