377 matches found
CVE-2026-9697
A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier URI, it silently ignores Transport Layer Security TLS options, such as custom Certificate Authorities CAs. This allows a remote attacker to perform a Man-in-the-Middle MITM attack,...
Improper Certificate Validation
Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Improper Certificate Validation in the ProxyAgent when configured with a SOCKS5 proxy URI, which causes the requestTls option to be silently dropped. An attacker can...
Improper Certificate Validation
Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Improper Certificate Validation in the ProxyAgent when configured with a SOCKS5 proxy URI, which causes the requestTls option to be silently dropped. An...
CVE-2026-9697 undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...
CVE-2026-9697 undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...
CVE-2026-9697
undici’s ProxyAgent drops the requestTls option when used with a SOCKS5 proxy (socks5:// or socks://), causing the HTTPS connection to rely on Node’s default trust store and ignore user-provided ca, cert, key, rejectUnauthorized, and servername. This allows any cert signed by a publicly trusted C...
CVE-2026-6734
Summary of CVE-2026-6734 : A vulnerability in undici’s Socks5ProxyAgent causes cross-origin request routing by reusing a single connection pool across multiple origins without verifying the pool origin. As a result, requests for origin B can be dispatched through the pool for origin A; credential...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: python-urllib3: python3-urllib3+brotli-2.7.0-3.hum1 noarch python3-urllib3+h2-2.7.0-3.hum1 noarch python3-urllib3+socks-2.7.0-3.hum1 noarch python3-urllib3+zstd-2.7.0-3.hum1 noarch...
CVE-2026-47071
Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which...
CVE-2026-47071 SOCKS5 TLS upgrade ignores caller timeout in hackney
Uncontrolled Resource Consumption vulnerability in benoitc hackney allows Flooding. The SOCKS5 transport in src/hackneysocks5.erl correctly applies the caller-supplied timeout to the SOCKS5 negotiation phase, but then upgrades the connection to TLS using the two-argument form ssl:connect/2, which...
Hackney 安全漏洞
Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 0.10.0 through 4.0.1, which stems from the use of an infinite timeout by the SOCKS5 transport during TLS upgrades, which could result in infinite blocking of the connection process...
MAL-2026-4704 Malicious code in veteran-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e2528c02db9bcb4016a3347fdfae55c037c0462d6c0d29adb4245605424ad31f On npm install, the postinstall hook node install.js downloads a platform-specific binary archive from a hardcoded...
[SECURITY] [DSA 6252-1] prosody security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6252-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 07, 2026 https://www.debian.org/security/faq -...
org.webjars.npm:npmcli__agent (>=2.2.2 <=3.0.0), org.webjars.npm:pac-proxy-agent (=4.1.0) +6 more potentially affected by CVE-2026-42338 via org.webjars.npm:ip-address (>=5.8.9 <=9.0.5)
org.webjars.npm:ip-address MAVEN version =5.8.9, =2.2.2, =2.8.3, =5.0.0, =8.0.5 - org.webjars.npm:socks5-client =1.2.6 - org.webjars.npm:socks5-http-client =1.0.4 - org.webjars.npm:socks5-https-client =1.2.1 Source cves: CVE-2026-42338 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16636414...
Anonymizing Network Traffic: A Dive into SOCKS5 and Data Encryption
SOCKS5 protocol explained: anonymize traffic, boost security with encryption, bypass restrictions, and enable reliable data collection for business use...
Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta. "Mirax integrates advanced Remote Access Trojan RA...
New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
Cybersecurity researchers have flagged a new variant ofmalware called Chaos that'scapable of hitting misconfigured cloud deployments, marking an expansion of the botnet's targeting infrastructure. "Chaos malware is increasingly targeting misconfigured cloud deployments, expanding beyond its...
EcoStruxure IT Data Center Expert <= 9.0 Use of Hard-coded Credentials (SEVD-2026-069-05)
The version of EcoStruxure IT Data Center Expert installed on the remote host is 9.0 or prior. It is, therefore, affected by a vulnerability as referenced in the SEVD-2026-069-05 advisory. - Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code...
CVE-2025-13957
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default...
EUVD-2025-208474
CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default...