What is CVE-2026-55568?

CVE-2026-55568 is a medium-severity vulnerability in Guzzle, classified under Missing Encryption of Sensitive Data. CVSS score: 5.9/10. Published 2026-06-23.

How severe is CVE-2026-55568?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Guzzle

CVE-2026-55568

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication credentials (the Proxy-Authorization hea…

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Guzzle — versions < 7.12.1

Weakness classification (CWE)

CWE-311 — Missing Encryption of Sensitive Data
CWE-319 — Cleartext Transmission of Sensitive Information
CWE-636

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-55568?: CVE-2026-55568 is a medium-severity vulnerability in Guzzle, classified under Missing Encryption of Sensitive Data. CVSS score: 5.9/10. Published 2026-06-23.
How severe is CVE-2026-55568?: Medium severity. CVSS v3 base score is 5.9 out of 10.