PatchSiren cyber security CVE debrief
CVE-2026-55568 Guzzlephp CVE debrief
Guzzle, a popular PHP HTTP client, has a vulnerability that allows cleartext proxy traffic in certain configurations. This issue arises when using the built-in cURL handlers with libcurl older than 7.50.2 and an https:// proxy. The vulnerability, fixed in Guzzle 7.12.1, exposes proxy authentication credentials and the CONNECT target host and port for tunneled HTTPS requests. Affected applications are those that send requests through Guzzle's built-in cURL handlers, configure an https:// proxy expecting encryption, and run with vulnerable libcurl versions.
- Vendor: Guzzlephp
- Product: Guzzle
- CVSS: MEDIUM 5.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-23
- Original CVE updated: 2026-06-26
- Advisory published: 2026-06-23
- Advisory updated: 2026-06-26
Who should care
Developers and administrators using Guzzle in PHP applications, especially those relying on proxy configurations for secure communication, should be aware of this vulnerability. The vulnerability's impact is medium, with a CVSS score of 5.9, indicating a need for prompt attention to prevent potential eavesdropping and unauthorized access to sensitive information.
Technical summary
The vulnerability in Guzzle arises from the way it handles https:// proxies when the runtime libcurl is older than 7.50.2. The built-in cURL handlers (`GuzzleHttp\Handler\CurlHandler` and `GuzzleHttp\Handler\CurlMultiHandler`) accept an https:// proxy URL and pass it to libcurl unchanged. Those older libcurl versions, however, silently treat an https:// proxy as a plaintext http:// proxy and never establish a TLS connection to it. As a result, proxy authentication credentials travel in cleartext, and for tunneled HTTPS requests the CONNECT target host and port are exposed on the wire as well. The issue is addressed in Guzzle version 7.12.1.
Defensive priority
- Apply the patch: Upgrade Guzzle to version 7.12.1 or later to fix the vulnerability.
- Assess proxy configurations: Review and adjust https:// proxy settings to ensure they are correctly configured for encryption, or consider alternative proxy protocols.
- Inventory and update libcurl: Ensure libcurl is updated to version 7.50.2 or later to prevent exploitation.
- Monitor for suspicious activity: Implement monitoring to detect potential unauthorized access or data breaches related to proxy traffic.
Recommended defensive actions
- Upgrade Guzzle to version 7.12.1 or later.
- Review and adjust https:// proxy settings for correct encryption configuration.
- Update libcurl to version 7.50.2 or later.
- Implement monitoring for suspicious proxy traffic activity.
- Conduct a thorough review of application configurations and proxy setups.
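The technical summary above describes a silent downgrade: the handler accepts an https:// proxy and an old libcurl quietly speaks plaintext to it. The following guard, an added example that is not part of Guzzle or of this advisory, makes that failure loud by checking the loaded libcurl's version against the 7.50.2 threshold named here before a client with an https:// proxy is built. The proxy URL, target URL and `vendor/autoload.php` path are constructed assumptions; `curl_version()` and the Guzzle `proxy` request option are real APIs.

```php
<?php
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php'; // assumption: Guzzle installed via Composer

use GuzzleHttp\Client;
use GuzzleHttp\RequestOptions;

final class ProxyGuard
{
    // 7.50.2 in the 0xMMNNPP encoding used by curl_version()['version_number'].
    private const MIN_LIBCURL_FOR_HTTPS_PROXY = 0x073202;

    // True when the runtime libcurl is new enough to honour an https:// proxy.
    // $versionNumber may be injected for testing; otherwise the loaded libcurl is queried.
    public static function libcurlSupportsHttpsProxy(?int $versionNumber = null): bool
    {
        $versionNumber ??= (int) (curl_version()['version_number'] ?? 0);
        return $versionNumber >= self::MIN_LIBCURL_FOR_HTTPS_PROXY;
    }

    // Fail closed: refuse an https:// proxy rather than let it degrade to cleartext.
    // Non-https proxy schemes are not affected by this issue and pass through.
    public static function assertProxySafe(string $proxyUrl, ?int $versionNumber = null): void
    {
        $scheme = strtolower((string) parse_url($proxyUrl, PHP_URL_SCHEME));
        if ($scheme === 'https' && !self::libcurlSupportsHttpsProxy($versionNumber)) {
            throw new RuntimeException(sprintf(
                'Refusing https:// proxy: libcurl %s is older than 7.50.2 and would send '
                . 'proxy credentials and CONNECT targets in cleartext',
                (string) (curl_version()['version'] ?? 'unknown')
            ));
        }
    }
}

// Constructed placeholder values; replace with real configuration.
$proxy = 'https://proxy-user:proxy-pass@proxy.internal.example:3128';

// Run the check before any request can leave the process.
ProxyGuard::assertProxySafe($proxy);

$client = new Client([RequestOptions::PROXY => $proxy]);
$response = $client->get('https://api.example/health');
echo $response->getStatusCode(), PHP_EOL;
```

The check complements the upgrade to Guzzle 7.12.1 rather than replacing it: it catches hosts where an old libcurl is still loaded after the application has been patched.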
Evidence notes
The CVE-2026-55568 vulnerability is confirmed by official sources, including the CVE record and NVD detail pages. The vulnerability is fixed in Guzzle 7.12.1, according to the vendor's security advisory. The issue involves cleartext proxy traffic due to improper handling of https:// proxies with older libcurl versions.
Official resources
- CVE-2026-55568 CVE record (CVE.org)
- CVE-2026-55568 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Third Party Advisory
This article is AI-assisted and based on the supplied source corpus.