CVE-2026-3784 curl — Exploit & Vulnerability Details MEDIUM

CVE-2026-3784

MEDIUM CVSS 3.1: 6.5 EPSS 0.03%

Parameter	Value
CVSS	6.5 (MEDIUM)
Type	CWE-305
Vendor	curl
Public PoC	No

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

Low

Partial data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-305

References 4

https://curl.se/docs/CVE-2026-3784.html

2499f714-1537-4658-8207-48ae4bb9eae9

https://curl.se/docs/CVE-2026-3784.json

2499f714-1537-4658-8207-48ae4bb9eae9

https://hackerone.com/reports/3584903

2499f714-1537-4658-8207-48ae4bb9eae9

http://www.openwall.com/lists/oss-security/2026/03/11/3

af854a3a-2127-422b-91ae-364da2661108

Share Post Share Share Share

Menu

CVE-2026-3784

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 4

CVE Details

Editor's Choice

Menu

CVE-2026-3784

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 4

CVE Details

Editor's Choice

Stay informed on cybersecurity