Bug 2446449 (CVE-2026-3784)
| Summary: | CVE-2026-3784 curl: curl: Unauthorized access due to improper HTTP proxy connection reuse | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | adudiak, bbrownin, crizzo, csutherl, dbosanac, gtanzill, jbuscemi, jcantril, jclere, jmitchel, jreimann, kaycoth, kshier, mdessi, mrizzi, pbohmill, pcattana, pjindal, plodge, rojacob, sdawley, stcannon, szappis, teagle, vchlup, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker gaining unauthorized access to resources or information intended for a different user. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2446488, 2446489, 2446490, 2446494, 2446495, 2446496, 2446497, 2446501, 2446491, 2446492, 2446493, 2446498, 2446499, 2446500 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-03-11 11:01:20 UTC