Vulnerability Report

CVE-2026-3784

Title: curl HTTP Proxy Connection Reuse with Different Credentials

Other

Proof Of Concept

No public PoC currently indexed for CVE-2026-3784.

CWE Category NVD-CWE-noinfo
Published Date Mar 11, 2026
Modified Date Jun 02, 2026
Exploit Status Not Found
Score 6.5 CVSS v
Exploit Probability (EPSS)
0.03%

Vulnerability Summary

CVE-2026-3784: curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

Impacted Vendors

D
daniel_stenberg 1
H
haxx 1

Reference Links

https://curl.se/docs/CVE-2026-3784.html https://curl.se/docs/CVE-2026-3784.json https://hackerone.com/reports/3584903 http://www.openwall.com/lists/oss-security/2026/03/11/3
CVSS v3.1
Source Entity 134c704f-9b21-4f2e-91b3-4a467353bcc0
Severity MEDIUM
6.5
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-3784 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity LOW
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Stack

No specific products linked.