CVE-2026-3784
Modified Modified - Updated After Analysis
HTTP Proxy Authentication Bypass in curl via Connection Reuse

Publication date: 2026-03-11

Last updated on: 2026-06-02

Assigner: curl

Description
curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-06-02
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-15
NVD
CVE-2026-3784
EUVD
EUVD-2026-11139
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
haxx curl From 7.7 (inc) to 8.18.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-305 The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can lead to an authentication bypass because curl reuses an HTTP proxy connection even when different credentials are provided.

As a result, unauthorized access to proxy resources could occur if different credentials are expected to isolate connections.

This could potentially allow an attacker to use an existing proxy connection without proper authentication, undermining security controls.

Compliance Impact

I don't know

Detection Guidance

There is no specific information provided in the resources about commands or methods to detect this vulnerability on your network or system.

Executive Summary

CVE-2026-3784 is a vulnerability in curl where the software incorrectly reuses an existing HTTP proxy connection when performing a CONNECT request to a server.

Specifically, curl would reuse a proxy connection even if the new request uses different credentials for the HTTP proxy, which is improper behavior.

The correct behavior is to create or use a separate connection for requests with different proxy credentials to prevent authentication bypass.

This flaw is classified under CWE-305: Authentication Bypass by Primary Weakness and has a low severity rating.

Mitigation Strategies

To mitigate the CVE-2026-3784 vulnerability in curl, the recommended steps are:

  • Upgrade curl and libcurl to version 8.19.0 or later, where the vulnerability is fixed.
  • If upgrading is not immediately possible, apply the patch provided for the vulnerability and rebuild libcurl.
  • Avoid using HTTP proxies with alternating credentials to prevent the improper reuse of proxy connections.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3784. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart