What is CVE-2026-6734?

CVE-2026-6734 is a high-severity vulnerability in Undici, classified under Origin Validation Error. CVSS score: 7.5/10. Published 2026-06-17.

How severe is CVE-2026-6734?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Undici

CVE-2026-6734

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first…

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Undici — versions 7.23.0, 7.26.0, 8.0.0

Weakness classification (CWE)

CWE-346 — Origin Validation Error

References

ce714d77-add3-4f53-aff5-83d477b104bb
ce714d77-add3-4f53-aff5-83d477b104bb

Frequently asked questions

What is CVE-2026-6734?: CVE-2026-6734 is a high-severity vulnerability in Undici, classified under Origin Validation Error. CVSS score: 7.5/10. Published 2026-06-17.
How severe is CVE-2026-6734?: High severity. CVSS v3 base score is 7.5 out of 10.