CVE-2026-3784

medium

Red Hat

CVSS v3 Base Score

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Published: March 11, 2026

Last Modified: March 11, 2026

Vendor: Red Hat

Source: REDHAT

Description

A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user.

CWE

CWE-305

Affected Products

Confidential Compute AttestationLogging Subsystem for Red Hat OpenShiftRed Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat JBoss Core ServicesRed Hat OpenShift Container Platform 4

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 www.openwall.com 🔗 curl.se

CVE-2026-3784

Vulnerability Report

Description

CWE

Affected Products

References