CVE-2026-3784

ADVISORY - nist

Summary

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

EPSS Score⁠: 0.00028 (0.077)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-305⁠

Authentication Bypass by Primary Weakness

ADVISORY - redhat

CWE-305⁠

Authentication Bypass by Primary Weakness

Impacted images

Advisories

NIST

CREATED

2 days ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-3784⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-305⁠

CVSS SCORE

6.5medium

Alpine

CREATED

1 day ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-3784⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

3 days ago

UPDATED

20 hours ago

ADVISORY IDCVE-2026-3784⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-3784⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Red Hat

CREATED

3 days ago

UPDATED

22 hours ago

ADVISORY IDCVE-2026-3784⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-305⁠

CVSS SCORE

6.5medium

minimos

CREATED

9 hours ago

UPDATED

9 hours ago

ADVISORY ID

MINI-hrrg-xpmx-8mjr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY