Lucene search
+L

An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. The earliest affected version is 2.6.

🗓️ 15 Apr 2026 08:01:51Reported by MicrosoftType 
mscve
 mscve
🔗 msrc.microsoft.com👁 5 Views

Vulnerability CVE-2026-33555 in Microsoft products.

Related
Detection
ReporterTitlePublishedViews
Family
attackerkb
CVE-2026-33555
13 Apr 202600:00
attackerkb
alpinelinux
CVE-2026-33555
13 Apr 202600:00
alpinelinux
cbl_mariner
CVE-2026-33555 affecting package haproxy for versions less than 2.9.11-5
9 May 202603:31
cbl_mariner
cgr
CVE-2026-33555 vulnerabilities
7 Jul 202614:17
cgr
circl
CVE-2026-33555
16 Apr 202620:00
circl
cnnvd
HAProxy 安全漏洞
13 Apr 202600:00
cnnvd
cve
CVE-2026-33555
13 Apr 202600:00
cve
cvelist
CVE-2026-33555
13 Apr 202600:00
cvelist
debian
[SECURITY] [DSA 6291-1] haproxy security update
22 May 202620:18
debian
debiancve
CVE-2026-33555
13 Apr 202600:00
debiancve
Rows per page
Vulners

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

29 Apr 2026 21:57Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.14 - 5.8
EPSS0.00297
SSVC
5