{"vulnerability": "CVE-2026-6734", "sightings": [{"uuid": "5f2a73c4-daa0-4a02-a87f-d7ab5e6033b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6734", "type": "seen", "source": "https://bsky.app/profile/ulisesgascon.com/post/3moiqvjtjr22g", "content": "\ud83d\udea8 High-severity security fix in undici (7.26.0, 8.2.0) just released!\n\nPatches CVE-2026-6734. undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse.\n\ngithub.com/nodejs/undic...", "creation_timestamp": "2026-06-17T16:40:20.695655Z"}, {"uuid": "3e9dcaa2-5c81-4ee8-9f3c-b8421255a474", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6734", "type": "seen", "source": "https://bsky.app/profile/nodeland.dev/post/3mol72n3uli2x", "content": "\ud83d\udfe0 High: SOCKS5 cross-origin routing (CVE-2026-6734).\nSocks5ProxyAgent reused one connection pool across origins without checking the origin matched. Requests/credentials could go to the wrong destination.\nFixed in 7.28.0 / 8.2.0.", "creation_timestamp": "2026-06-18T15:59:03.514324Z"}, {"uuid": "6df3101a-f6c0-4538-8c0c-efee963367b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6734", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3momlf6cpo527", "content": "CVE-2026-6734 - Undici Socks5ProxyAgent flaw. Cross-origin request routing: credentials leak, wrong origin trusted, HTTPS downgrade possible. CVSS 7.5. No patch yet. Review usage immediately. #CVE #NodeJS #infosec\n\nhttps://www.valtersit.com/cve/CVE-2026-6734/", "creation_timestamp": "2026-06-19T05:12:21.072344Z"}]}