What is the CVSS score of CVE-2026-3784?

CVE-2026-3784 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Curl are affected by CVE-2026-3784?

CVE-2026-3784 presents notable security risk rated CVSS 6.5. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available.. A patch is available.

Is there a public PoC exploit available for CVE-2026-3784?

Yes, a public proof-of-concept exploit is available for CVE-2026-3784. Prioritise patching immediately. EPSS: 0.0%.

Curl CVE-2026-3784

MEDIUM

Authentication Bypass by Primary Weakness (CWE-305)

2026-03-11 2499f714-1537-4658-8207-48ae4bb9eae9

Information Disclosure Red Hat Curl Suse

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 12, 2026 - 14:09 vuln.today

Public exploit code

Patch released

Mar 12, 2026 - 14:09 nvd

Patch available

CVE Published

Mar 11, 2026 - 11:16 nvd

MEDIUM 6.5

DescriptionNVD

curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a separate connection.

AnalysisAI

curl's HTTP proxy connection reuse mechanism fails to validate credential changes, allowing an attacker to intercept or manipulate traffic by leveraging an existing proxy connection established with different authentication. This affects users whose applications reuse proxy connections across requests with varying credentials, enabling credential confusion attacks. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory