Lucene search
K

6 matches found

Microsoft CVE
Microsoft CVE
added 2026/06/27 8:7 a.m.21 views

undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

...

7.4CVSS5.8AI score0.00476EPSS
Exploits0
Snyk
Snyk
added 2026/06/17 6:20 p.m.7 views

Improper Certificate Validation

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Improper Certificate Validation in the ProxyAgent when configured with a SOCKS5 proxy URI, which causes the requestTls option to be silently dropped. An...

7.4CVSS6.4AI score0.00476EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 6:18 p.m.5 views

UBUNTU-CVE-2026-9697

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

7.4CVSS6.4AI score0.00476EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 4:46 p.m.77 views

CVE-2026-9697

undici’s ProxyAgent drops the requestTls option when used with a SOCKS5 proxy (socks5:// or socks://), causing the HTTPS connection to rely on Node’s default trust store and ignore user-provided ca, cert, key, rejectUnauthorized, and servername. This allows any cert signed by a publicly trusted C...

7.4CVSS5.4AI score0.00476EPSS
Exploits0References14Affected Software1
Debian CVE
Debian CVE
added 2026/06/17 4:46 p.m.7 views

CVE-2026-9697

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

7.4CVSS5.9AI score0.00476EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50517

Name of the Vulnerable Software and Affected Versions undici versions 7.23.0 through 7.27.x undici versions 8.0.0 through 8.4.x Description The ProxyAgent in undici silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. This causes the target HTTPS...

7.4CVSS5.8AI score0.00476EPSS
Exploits0References65
Rows per page
Query Builder