CVE-2026-6734
Published 2026-06-17
Priority: P354 · high · 8.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.28% (19.4th percentile)
Impact:
When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination.
This causes cross-origin request routing: credentials and request data intended for origin B are sent to origin A, responses from the wrong origin are trusted, and HTTPS requests may be silently downgraded to HTTP.
Impacted users are applications that use Socks5ProxyAgent (directly or via setGlobalDispatcher) and make requests to more than one origin.
This was introduced in undici 7.23.0 via PR #4385 and affects all versions through 8.1.0.
Patches:
Upgrade to undici v7.26.0 or v8.2.0.
Workarounds:
Use a separate Socks5ProxyAgent instance per origin, or avoid using Socks5ProxyAgent with multiple origins.
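The workaround above, as an added example that is not undici's code or the advisory's: a small JavaScript router that keeps one proxy agent per origin, keyed by `URL.origin`, and re-checks that the pool's bound origin matches the request before handing the agent out, which is the check the affected versions skipped. `createAgent` is an assumed factory standing in for `new Socks5ProxyAgent({ ... })`.

```javascript
// Added example, not undici's code: one proxy agent per origin (the
// advisory's workaround) plus the origin check the affected pool reuse lacked.
// `createAgent` is an assumed factory; in a real app it would return a
// `new Socks5ProxyAgent({ ... })` bound to that origin.

function originOf(requestUrl) {
  // scheme + host + port, with default ports normalised away
  return new URL(requestUrl).origin;
}

// Throws when a pool bound to `poolOrigin` is asked to carry a request for
// another origin. Covers the https -> http downgrade case too, since the
// scheme is part of the origin.
function assertPoolOrigin(poolOrigin, requestUrl) {
  const wanted = originOf(requestUrl);
  if (wanted === 'null') {
    throw new Error(`opaque origin, refusing to route ${requestUrl}`);
  }
  if (poolOrigin !== wanted) {
    throw new Error(`pool bound to ${poolOrigin} cannot serve ${wanted}`);
  }
  return true;
}

class PerOriginProxyRouter {
  constructor(createAgent) {
    this.createAgent = createAgent;
    this.agents = new Map(); // origin -> { origin, agent }
  }
  // Returns the agent for the request's origin, creating it on first use,
  // and re-checks the binding so a mismatched entry is never used.
  agentFor(requestUrl) {
    const origin = originOf(requestUrl);
    let entry = this.agents.get(origin);
    if (!entry) {
      entry = { origin, agent: this.createAgent(origin) };
      this.agents.set(origin, entry);
    }
    assertPoolOrigin(entry.origin, requestUrl);
    return entry.agent;
  }
}

// Constructed demo with a stub factory that just records the bound origin.
const router = new PerOriginProxyRouter((origin) => ({ boundTo: origin }));
const a = router.agentFor('https://api.example.test/v1/users');
const b = router.agentFor('https://api.example.test:443/v1/orders'); // same origin, reused
const c = router.agentFor('http://api.example.test/v1/users');       // plain http, separate agent
console.log(a === b, a === c, [...router.agents.keys()]); // true false [ 'https://api.example.test', 'http://api.example.test' ]
```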
Affected
32 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform | automation-portal | — | — |
| ansible-automation-platform | bootc-automation-portal-rhel9 | — | — |
| devspaces | code-rhel9 | — | — |
| devspaces | dashboard-rhel9 | — | — |
| devspaces | openvsx-rhel9 | — | — |
| devspaces | pluginregistry-rhel9 | — | — |
| nodejs | nodejs | — | — |
| nodejs | undici | >= 7.23.0 < 7.28.0 | 7.28.0 |
| nodejs | undici | >= 8.0.0 < 8.2.0 | 8.2.0 |
| nodejs_24 | nodejs | — | — |
| odf4 | ocs-client-console-rhel9 | — | — |
| odf4 | odf-console-rhel9 | — | — |
| odf4 | odf-multicluster-console-rhel9 | — | — |
| openshift-pipelines | pipelines-console-plugin-pf5-rhel9 | — | — |
| openshift-pipelines | pipelines-console-plugin-rhel8 | — | — |
| openshift-pipelines | pipelines-console-plugin-rhel9 | — | — |
| openshift4 | ose-agent-installer-ui-rhel9 | — | — |
| openshift4 | ose-monitoring-plugin-rhel9 | — | — |
| rhdh | rhdh-hub-rhel9 | — | — |
| rhoai | odh-dashboard-rhel9 | — | — |
| rhoai | odh-mod-arch-automl-rhel9 | — | — |
| rhoai | odh-mod-arch-autorag-rhel9 | — | — |
| rhoai | odh-mod-arch-eval-hub-rhel9 | — | — |
| rhoai | odh-mod-arch-gen-ai-rhel9 | — | — |
| rhoai | odh-mod-arch-maas-rhel9 | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| cvelistv5 | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| vendor_redhat | — | 7.5 | HIGH | — |
GHSA
ghsa · 2026-06-19
CVE-2026-6734 [HIGH] CWE-346: undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
VulDB
vuldb · 2026-06-17
CVE-2026-6734 [LOW] undici up to 7.25.x/8.1.x Destination origin validation (GHSA-hm92-r4w5-c3mj)
A vulnerability was found in undici up to 7.25.x/8.1.x and classified as problematic. Affected is an unknown function of the component Destination Handler. The manipulation results in an origin validation error.
This vulnerability is identified as CVE-2026-6734. The attack can be executed remotely. There is no exploit available.
It is suggested to upgrade the affected component.
CVEList
cvelistv5 · 2026-06-17 · CVSS 7.5
CVE-2026-6734 [HIGH] CWE-346: undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
Red Hat
vendor_redhat · 2026-06-17 · CVSS 7.5
CVE-2026-6734 [HIGH] CWE-940: undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing
No detection rules found.
No public exploits indexed.
Bugzilla
bugzilla · 2026-06-17
CVE-2026-6734 [HIGH] nodejs24: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing [fedora-all]
Disclaimer: Community trackers are created by the Red Hat Product Security team on a best-effort basis. Package maintainers are required to ascertain whether the flaw indeed affects their package before starting the update process.
Bugzilla
bugzilla · 2026-06-17
CVE-2026-6734 [HIGH] nodejs20: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing [fedora-all]
Bugzilla
bugzilla · 2026-06-17
CVE-2026-6734 [HIGH] undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing
Bugzilla
bugzilla · 2026-06-17
CVE-2026-6734 [HIGH] fbthrift: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing [fedora-all]
Bugzilla
bugzilla · 2026-06-17
CVE-2026-6734 [HIGH] nodejs22: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing [fedora-all]
References
https://cna.openjsf.org/security-advisories.html
https://github.com/nodejs/undici/security/advisories/GHSA-hm92-r4w5-c3mj
https://access.redhat.com/errata/RHSA-2026:22380
https://access.redhat.com/errata/RHSA-2026:22934
https://access.redhat.com/errata/RHSA-2026:7378
https://access.redhat.com/security/cve/CVE-2026-6734
https://bugzilla.redhat.com/show_bug.cgi?id=2490024
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6734.json