CVE-2026-3784
Description
curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to aserver, even if the new request uses different credentials for the HTTP proxy.The proper behavior is to create or use a separate connection.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.02
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2026-3805,CVE-2026-3784,CVE-2026-3783,CVE-2026-1965 are fixed in Curl For Windows 8.19.0 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234