CURL: Improper HTTP Proxy Connection Reuse with Different Credentials
CVE-2026-3784 Published on March 11, 2026
wrong proxy connection reuse with credentials
curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a
server, even if the new request uses different credentials for the HTTP proxy.
The proper behavior is to create or use a separate connection.
Vulnerability Analysis
CVE-2026-3784 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
NONE
Weakness Type
Authentication Bypass by Primary Weakness
The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Products Associated with CVE-2026-3784
stack.watch emails you whenever new vulnerabilities are published in Haxx Curl or Canonical Ubuntu Linux. Just hit a watch button to start following.
Affected Versions
curl:- Version 8.18.0, <= 8.18.0 is affected.
- Version 8.17.0, <= 8.17.0 is affected.
- Version 8.16.0, <= 8.16.0 is affected.
- Version 8.15.0, <= 8.15.0 is affected.
- Version 8.14.1, <= 8.14.1 is affected.
- Version 8.14.0, <= 8.14.0 is affected.
- Version 8.13.0, <= 8.13.0 is affected.
- Version 8.12.1, <= 8.12.1 is affected.
- Version 8.12.0, <= 8.12.0 is affected.
- Version 8.11.1, <= 8.11.1 is affected.
- Version 8.11.0, <= 8.11.0 is affected.
- Version 8.10.1, <= 8.10.1 is affected.
- Version 8.10.0, <= 8.10.0 is affected.
- Version 8.9.1, <= 8.9.1 is affected.
- Version 8.9.0, <= 8.9.0 is affected.
- Version 8.8.0, <= 8.8.0 is affected.
- Version 8.7.1, <= 8.7.1 is affected.
- Version 8.7.0, <= 8.7.0 is affected.
- Version 8.6.0, <= 8.6.0 is affected.
- Version 8.5.0, <= 8.5.0 is affected.
- Version 8.4.0, <= 8.4.0 is affected.
- Version 8.3.0, <= 8.3.0 is affected.
- Version 8.2.1, <= 8.2.1 is affected.
- Version 8.2.0, <= 8.2.0 is affected.
- Version 8.1.2, <= 8.1.2 is affected.
- Version 8.1.1, <= 8.1.1 is affected.
- Version 8.1.0, <= 8.1.0 is affected.
- Version 8.0.1, <= 8.0.1 is affected.
- Version 8.0.0, <= 8.0.0 is affected.
- Version 7.88.1, <= 7.88.1 is affected.
- Version 7.88.0, <= 7.88.0 is affected.
- Version 7.87.0, <= 7.87.0 is affected.
- Version 7.86.0, <= 7.86.0 is affected.
- Version 7.85.0, <= 7.85.0 is affected.
- Version 7.84.0, <= 7.84.0 is affected.
- Version 7.83.1, <= 7.83.1 is affected.
- Version 7.83.0, <= 7.83.0 is affected.
- Version 7.82.0, <= 7.82.0 is affected.
- Version 7.81.0, <= 7.81.0 is affected.
- Version 7.80.0, <= 7.80.0 is affected.
- Version 7.79.1, <= 7.79.1 is affected.
- Version 7.79.0, <= 7.79.0 is affected.
- Version 7.78.0, <= 7.78.0 is affected.
- Version 7.77.0, <= 7.77.0 is affected.
- Version 7.76.1, <= 7.76.1 is affected.
- Version 7.76.0, <= 7.76.0 is affected.
- Version 7.75.0, <= 7.75.0 is affected.
- Version 7.74.0, <= 7.74.0 is affected.
- Version 7.73.0, <= 7.73.0 is affected.
- Version 7.72.0, <= 7.72.0 is affected.
- Version 7.71.1, <= 7.71.1 is affected.
- Version 7.71.0, <= 7.71.0 is affected.
- Version 7.70.0, <= 7.70.0 is affected.
- Version 7.69.1, <= 7.69.1 is affected.
- Version 7.69.0, <= 7.69.0 is affected.
- Version 7.68.0, <= 7.68.0 is affected.
- Version 7.67.0, <= 7.67.0 is affected.
- Version 7.66.0, <= 7.66.0 is affected.
- Version 7.65.3, <= 7.65.3 is affected.
- Version 7.65.2, <= 7.65.2 is affected.
- Version 7.65.1, <= 7.65.1 is affected.
- Version 7.65.0, <= 7.65.0 is affected.
- Version 7.64.1, <= 7.64.1 is affected.
- Version 7.64.0, <= 7.64.0 is affected.
- Version 7.63.0, <= 7.63.0 is affected.
- Version 7.62.0, <= 7.62.0 is affected.
- Version 7.61.1, <= 7.61.1 is affected.
- Version 7.61.0, <= 7.61.0 is affected.
- Version 7.60.0, <= 7.60.0 is affected.
- Version 7.59.0, <= 7.59.0 is affected.
- Version 7.58.0, <= 7.58.0 is affected.
- Version 7.57.0, <= 7.57.0 is affected.
- Version 7.56.1, <= 7.56.1 is affected.
- Version 7.56.0, <= 7.56.0 is affected.
- Version 7.55.1, <= 7.55.1 is affected.
- Version 7.55.0, <= 7.55.0 is affected.
- Version 7.54.1, <= 7.54.1 is affected.
- Version 7.54.0, <= 7.54.0 is affected.
- Version 7.53.1, <= 7.53.1 is affected.
- Version 7.53.0, <= 7.53.0 is affected.
- Version 7.52.1, <= 7.52.1 is affected.
- Version 7.52.0, <= 7.52.0 is affected.
- Version 7.51.0, <= 7.51.0 is affected.
- Version 7.50.3, <= 7.50.3 is affected.
- Version 7.50.2, <= 7.50.2 is affected.
- Version 7.50.1, <= 7.50.1 is affected.
- Version 7.50.0, <= 7.50.0 is affected.
- Version 7.49.1, <= 7.49.1 is affected.
- Version 7.49.0, <= 7.49.0 is affected.
- Version 7.48.0, <= 7.48.0 is affected.
- Version 7.47.1, <= 7.47.1 is affected.
- Version 7.47.0, <= 7.47.0 is affected.
- Version 7.46.0, <= 7.46.0 is affected.
- Version 7.45.0, <= 7.45.0 is affected.
- Version 7.44.0, <= 7.44.0 is affected.
- Version 7.43.0, <= 7.43.0 is affected.
- Version 7.42.1, <= 7.42.1 is affected.
- Version 7.42.0, <= 7.42.0 is affected.
- Version 7.41.0, <= 7.41.0 is affected.
- Version 7.40.0, <= 7.40.0 is affected.
- Version 7.39.0, <= 7.39.0 is affected.
- Version 7.38.0, <= 7.38.0 is affected.
- Version 7.37.1, <= 7.37.1 is affected.
- Version 7.37.0, <= 7.37.0 is affected.
- Version 7.36.0, <= 7.36.0 is affected.
- Version 7.35.0, <= 7.35.0 is affected.
- Version 7.34.0, <= 7.34.0 is affected.
- Version 7.33.0, <= 7.33.0 is affected.
- Version 7.32.0, <= 7.32.0 is affected.
- Version 7.31.0, <= 7.31.0 is affected.
- Version 7.30.0, <= 7.30.0 is affected.
- Version 7.29.0, <= 7.29.0 is affected.
- Version 7.28.1, <= 7.28.1 is affected.
- Version 7.28.0, <= 7.28.0 is affected.
- Version 7.27.0, <= 7.27.0 is affected.
- Version 7.26.0, <= 7.26.0 is affected.
- Version 7.25.0, <= 7.25.0 is affected.
- Version 7.24.0, <= 7.24.0 is affected.
- Version 7.23.1, <= 7.23.1 is affected.
- Version 7.23.0, <= 7.23.0 is affected.
- Version 7.22.0, <= 7.22.0 is affected.
- Version 7.21.7, <= 7.21.7 is affected.
- Version 7.21.6, <= 7.21.6 is affected.
- Version 7.21.5, <= 7.21.5 is affected.
- Version 7.21.4, <= 7.21.4 is affected.
- Version 7.21.3, <= 7.21.3 is affected.
- Version 7.21.2, <= 7.21.2 is affected.
- Version 7.21.1, <= 7.21.1 is affected.
- Version 7.21.0, <= 7.21.0 is affected.
- Version 7.20.1, <= 7.20.1 is affected.
- Version 7.20.0, <= 7.20.0 is affected.
- Version 7.19.7, <= 7.19.7 is affected.
- Version 7.19.6, <= 7.19.6 is affected.
- Version 7.19.5, <= 7.19.5 is affected.
- Version 7.19.4, <= 7.19.4 is affected.
- Version 7.19.3, <= 7.19.3 is affected.
- Version 7.19.2, <= 7.19.2 is affected.
- Version 7.19.1, <= 7.19.1 is affected.
- Version 7.19.0, <= 7.19.0 is affected.
- Version 7.18.2, <= 7.18.2 is affected.
- Version 7.18.1, <= 7.18.1 is affected.
- Version 7.18.0, <= 7.18.0 is affected.
- Version 7.17.1, <= 7.17.1 is affected.
- Version 7.17.0, <= 7.17.0 is affected.
- Version 7.16.4, <= 7.16.4 is affected.
- Version 7.16.3, <= 7.16.3 is affected.
- Version 7.16.2, <= 7.16.2 is affected.
- Version 7.16.1, <= 7.16.1 is affected.
- Version 7.16.0, <= 7.16.0 is affected.
- Version 7.15.5, <= 7.15.5 is affected.
- Version 7.15.4, <= 7.15.4 is affected.
- Version 7.15.3, <= 7.15.3 is affected.
- Version 7.15.2, <= 7.15.2 is affected.
- Version 7.15.1, <= 7.15.1 is affected.
- Version 7.15.0, <= 7.15.0 is affected.
- Version 7.14.1, <= 7.14.1 is affected.
- Version 7.14.0, <= 7.14.0 is affected.
- Version 7.13.2, <= 7.13.2 is affected.
- Version 7.13.1, <= 7.13.1 is affected.
- Version 7.13.0, <= 7.13.0 is affected.
- Version 7.12.3, <= 7.12.3 is affected.
- Version 7.12.2, <= 7.12.2 is affected.
- Version 7.12.1, <= 7.12.1 is affected.
- Version 7.12.0, <= 7.12.0 is affected.
- Version 7.11.2, <= 7.11.2 is affected.
- Version 7.11.1, <= 7.11.1 is affected.
- Version 7.11.0, <= 7.11.0 is affected.
- Version 7.10.8, <= 7.10.8 is affected.
- Version 7.10.7, <= 7.10.7 is affected.
- Version 7.10.6, <= 7.10.6 is affected.
- Version 7.10.5, <= 7.10.5 is affected.
- Version 7.10.4, <= 7.10.4 is affected.
- Version 7.10.3, <= 7.10.3 is affected.
- Version 7.10.2, <= 7.10.2 is affected.
- Version 7.10.1, <= 7.10.1 is affected.
- Version 7.10, <= 7.10 is affected.
- Version 7.9.8, <= 7.9.8 is affected.
- Version 7.9.7, <= 7.9.7 is affected.
- Version 7.9.6, <= 7.9.6 is affected.
- Version 7.9.5, <= 7.9.5 is affected.
- Version 7.9.4, <= 7.9.4 is affected.
- Version 7.9.3, <= 7.9.3 is affected.
- Version 7.9.2, <= 7.9.2 is affected.
- Version 7.9.1, <= 7.9.1 is affected.
- Version 7.9, <= 7.9 is affected.
- Version 7.8.1, <= 7.8.1 is affected.
- Version 7.8, <= 7.8 is affected.
- Version 7.7.3, <= 7.7.3 is affected.
- Version 7.7.2, <= 7.7.2 is affected.
- Version 7.7.1, <= 7.7.1 is affected.
- Version 7.7, <= 7.7 is affected.