Cross-Origin Request Routing in Undici's Socks5ProxyAgent
CVE-2026-6734

7.5HIGH

Key Information:

Vendor: Undici
Status: Undici
Vendor: CVE Published:; 17 June 2026

What is CVE-2026-6734?

The vulnerability arises from the Socks5ProxyAgent in Undici, which improperly manages a single connection pool for multiple origins. This behavior leads to cross-origin request routing, where requests or credentials intended for one origin are sent to another, potentially exposing sensitive data and downgrading HTTPS requests to HTTP without user knowledge. Applications utilizing Socks5ProxyAgent to connect to various origins could face significant risks. Users are advised to upgrade to Undici versions 7.26.0 or 8.2.0 for resolution and can implement a separate instance of Socks5ProxyAgent for each origin as a workaround.

Affected Version(s)

undici 7.23.0 < 7.26.0

undici 8.0.0 < 8.2.0

undici 7.26.0

References

https://github.com/nodejs/undici/security/advisories/GHSA...

https://cna.openjsf.org/security-advisories.html

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Apr 20, 2026

Credit

ChALkeR

mcollina

UlisesGascon

deepview-autofix

CVE-2026-6734 Data

JSON