CVE-2026-6734
Published: 17 June 2026
Summary
CVE-2026-6734 is a high-severity Origin Validation Error (CWE-346) vulnerability in Nodejs Undici. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 19.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-37760
Vulnerability details
Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination.…
more
This causes cross-origin request routing: credentials and request data intended for origin B are sent to origin A, responses from the wrong origin are trusted, and HTTPS requests may be silently downgraded to HTTP. Impacted users are applications that use Socks5ProxyAgent (directly or via setGlobalDispatcher) and make requests to more than one origin. This was introduced in undici 7.23.0 via PR #4385 and affects all versions through 8.1.0. Patches: Upgrade to undici v7.26.0 or v8.2.0. Workarounds: Use a separate Socks5ProxyAgent instance per origin, or avoid using Socks5ProxyAgent with multiple origins.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Origin validation failure + silent HTTP downgrade enables adversary-in-the-middle scenarios when multiple origins are accessed via the shared SOCKS5 pool.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Enforces verification of the source of a communication channel by requiring identification and authentication of services first.
Trusted path establishment enforces validation that the communication originates from and reaches only the intended trusted system components.
Enforces validation of the true origin of DNS responses via signatures and chain-of-trust mechanisms.
Mandates origin validation so that only legitimate endpoints can continue the authenticated session.
Enforces origin validation of name/address data, eliminating reliance on unverified or impersonated DNS sources.