You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026 3784
About this tag
CVE-2026-3784 is a disclosed vulnerability in curl and libcurl, the widely used networking tools. The flaw allows an existing HTTP proxy connection established with one set of proxy credentials to be wrongly reused when a subsequent request attempts to use different proxy credentials. This issue, fixed in curl version 8.19.0, was coordinated publicly on March 11, 2026. Discussions on WindowsForum cover the technical details of the vulnerability, its impact on proxy connection handling, and the importance of updating to the patched version. Users and administrators are advised to apply the update promptly to prevent potential credential confusion or unauthorized access via shared proxy connections.
The curl project disclosed a new vulnerability, tracked as CVE-2026-3784, in which libcurl and the curl command-line tool can wrongly reuse an existing HTTP proxy connection established with one set of proxy credentials when a subsequent request attempts to use different proxy credentials — a...