2446449 – (CVE-2026-3784) CVE-2026-3784 curl: curl: Unauthorized access due to improper HTTP proxy connection reuse

Bug 2446449 (CVE-2026-3784) - CVE-2026-3784 curl: curl: Unauthorized access due to improper HTTP proxy connection reuse

Summary: CVE-2026-3784 curl: curl: Unauthorized access due to improper HTTP proxy conn...

Keywords:
Status:	NEW
Alias:	CVE-2026-3784
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2446488 2446489 2446490 2446494 2446495 2446496 2446497 2446501 2446491 2446492 2446493 2446498 2446499 2446500
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-11 11:01 UTC by OSIDB Bzimport
Modified:	2026-03-11 12:21 UTC (History)
CC List:	26 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-11 11:01:20 UTC

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a
server, even if the new request uses different credentials for the HTTP proxy.
The proper behavior is to create or use a separate connection.

Note You need to log in before you can comment on or make changes to this bug.

adudiak
bbrownin
crizzo
csutherl
dbosanac
gtanzill
jbuscemi
jcantril
jclere
jmitchel
jreimann
kaycoth
kshier
mdessi
mrizzi
pbohmill
pcattana
pjindal
plodge
rojacob
sdawley
stcannon
szappis
teagle
vchlup
yguenane