CVE-2026-3784

wrong proxy connection reuse with credentials

Description

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading

Score

6.5

Severity

Medium

Ecosystem

APK

Publish Date

March 11, 2026

Modified Date

May 26, 2026

Score Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Versions