CVE-2026-3784

{"id": "CVE-2026-3784", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2026-03-11T11:16:00.437", "references": [{"url": "https://curl.se/docs/CVE-2026-3784.html", "tags": ["Patch", "Vendor Advisory"], "source": "2499f714-1537-4658-8207-48ae4bb9eae9"}, {"url": "https://curl.se/docs/CVE-2026-3784.json", "tags": ["Vendor Advisory"], "source": "2499f714-1537-4658-8207-48ae4bb9eae9"}, {"url": "https://hackerone.com/reports/3584903", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "2499f714-1537-4658-8207-48ae4bb9eae9"}, {"url": "http://www.openwall.com/lists/oss-security/2026/03/11/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html", "source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-305"}]}], "descriptions": [{"lang": "en", "value": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection."}, {"lang": "es", "value": "curl reutilizar\u00eda err\u00f3neamente una conexi\u00f3n proxy HTTP existente haciendo CONNECT a un servidor, incluso si la nueva solicitud utiliza credenciales diferentes para el proxy HTTP. El comportamiento adecuado es crear o usar una conexi\u00f3n separada."}], "lastModified": "2026-06-02T14:16:52.643", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94E54714-769C-4910-9044-7BFF8F9F94F0", "versionEndExcluding": "8.18.0", "versionStartIncluding": "7.7"}], "operator": "OR"}]}], "sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9"}