CVE-2026-6734— undici 通过 SOCKS5 代理池复用遭受跨域请求路由漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2026-6734の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse
ソース: NVD (National Vulnerability Database)
脆弱性説明
Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This causes cross-origin request routing: credentials and request data intended for origin B are sent to origin A, responses from the wrong origin are trusted, and HTTPS requests may be silently downgraded to HTTP. Impacted users are applications that use Socks5ProxyAgent (directly or via setGlobalDispatcher) and make requests to more than one origin. This was introduced in undici 7.23.0 via PR #4385 and affects all versions through 8.1.0. Patches: Upgrade to undici v7.26.0 or v8.2.0. Workarounds: Use a separate Socks5ProxyAgent instance per origin, or avoid using Socks5ProxyAgent with multiple origins.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
源验证错误
ソース: NVD (National Vulnerability Database)
影響を受ける製品
II. CVE-2026-6734の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2026-6734のインテリジェンス情報
请登录查看更多情报信息。
CVE-2026-6734 厂商安全公告 (1)
Same Patch Batch · undici · 2026-06-17 · 8 CVEs total
| CVE-2026-9675 | 7.5 HIGH | undici WebSocket client vulnerable to denial of service via cumulative fragment bypass |
| CVE-2026-12151 | 7.5 HIGH | undici WebSocket client vulnerable to denial of service via fragment count bypass |
| CVE-2026-9697 | 7.4 HIGH | undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 Pr |
| CVE-2026-9679 | 5.9 MEDIUM | undici vulnerable to HTTP header injection via Set-Cookie percent-decoding |
| CVE-2026-9678 | 5.9 MEDIUM | undici vulnerable to cross-user information disclosure via shared cache whitespace bypass |
| CVE-2026-6733 | 3.7 LOW | undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse |
| CVE-2026-11525 | 3.7 LOW | undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matc |
IV. 関連脆弱性
同じ製品: undici
- CVE-2026-11525
undici vulnerable to Set-Cookie SameSite attribute downgrade - CVE-2026-6733
undici vulnerable to HTTP response queue poisoning via keep- - CVE-2026-9678
undici vulnerable to cross-user information disclosure via s - CVE-2026-9679
undici vulnerable to HTTP header injection via Set-Cookie pe - CVE-2026-9697
undici vulnerable to TLS certificate validation bypass via d
同じベンダー: undici
- CVE-2026-11525
undici vulnerable to Set-Cookie SameSite attribute downgrade - CVE-2026-6733
undici vulnerable to HTTP response queue poisoning via keep- - CVE-2026-9678
undici vulnerable to cross-user information disclosure via s - CVE-2026-9679
undici vulnerable to HTTP header injection via Set-Cookie pe - CVE-2026-9697
undici vulnerable to TLS certificate validation bypass via d
同じ弱点: CWE-346
- CVE-2026-47825
Spring Cloud Gateway Server Forwards Headers from Untrusted - CVE-2026-9595
webpack-dev-server vulnerable to HMR WebSocket interception - CVE-2026-11624
Google MCP Toolbox for Databases 输入验证错误漏洞 - CVE-2026-45173
Idira Identity Browser Extension: Unauthorized Application I - CVE-2026-41700
Cross-Site WebSocket Hijacking in Spring for GraphQL
V. CVE-2026-6734へのコメント
まだコメントはありません