Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
Incorrect Proxy Credentials Used for New Connections
CVE-2026-3784
CURL-CVE-2026-3784
Summary
A bug in curl's HTTP proxy handling can cause it to reuse an existing connection with the wrong proxy credentials. This can lead to unauthorized access to sensitive resources if attackers intercept the reused connection. To mitigate this, update curl to the latest version.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| haxx | curl | > 7.7 , <= 8.18.0 | – |
Original title
wrong proxy connection reuse with credentials
Original description
curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a
server, even if the new request uses different credentials for the HTTP proxy.
The proper behavior is to create or use a separate connection.
server, even if the new request uses different credentials for the HTTP proxy.
The proper behavior is to create or use a separate connection.
Vulnerability type
CWE-305
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026