CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 3 days ago•9 views

CVE-2026-1784

CVE-2026-1784 affects the Route OpenShift resource (OpenShift route definitions using HAProxy) where checks on the spec.path YAML stanza are insufficient, allowing controlled injection of the HAProxy configuration. The CVE description and linked records indicate this can lead to remote code execu...

Cvelist•added 3 days ago•34 views

CVE-2026-1784 Ose-cluster-ingress-operator: remote code execution through haproxy configuration injection

8.8CVSS0.00013EPSS

ATTACKERKB•added 3 days ago•5 views

CVE-2026-1784

Vulnrichment•added 3 days ago•6 views

CVE-2026-1784 Ose-cluster-ingress-operator: remote code execution through haproxy configuration injection

EUVD•added 3 days ago•6 views

EUVD-2026-33883

RedhatCVE•added 3 days ago•4 views

CVE-2026-1784

Positive Technologies•added 3 days ago•6 views

PT-2026-45701

Fedora•added 2026/05/27 1:27 a.m.•6 views

[SECURITY] Fedora 43 Update: haproxy-3.0.23-2.fc43

HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...

7.5CVSS7.1AI score0.00468EPSS

Exploits0

Tenable Nessus•added 2026/05/27 12:0 a.m.•10 views

Fedora 42 : haproxy (2026-d790d66a08)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d790d66a08 advisory. Upgrade to 3.0.23 see https://www.haproxy.org/download/3.0/src/CHANGELOG for full upstream changelog Tenable has extracted the preceding description...

7.5CVSS5.9AI score0.00468EPSS

Tenable Nessus•added 2026/05/27 12:0 a.m.•6 views

Fedora 44 : haproxy (2026-53196fc291)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-53196fc291 advisory. Upgrade to 3.0.23 see https://www.haproxy.org/download/3.0/src/CHANGELOG for full upstream changelog Tenable has extracted the preceding description...

7.5CVSS7.2AI score0.00468EPSS

Tenable Nessus•added 2026/05/27 12:0 a.m.•5 views

Fedora 43 : haproxy (2026-164a1e3151)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-164a1e3151 advisory. Upgrade to 3.0.23 see https://www.haproxy.org/download/3.0/src/CHANGELOG for full upstream changelog Tenable has extracted the preceding description...

7.5CVSS7.2AI score0.00468EPSS

Tenable Nessus•added 2026/05/25 12:0 a.m.•9 views

Debian dsa-6291 : haproxy - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6291 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6291-1 [email protected] https://www.debian.org/security/...

4CVSS5.8AI score0.00013EPSS

Exploits0References4

Debian•added 2026/05/22 8:18 p.m.•12 views

[SECURITY] [DSA 6291-1] haproxy security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6291-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2026 https://www.debian.org/security/faq -...

4CVSS5.8AI score0.00013EPSS

Exploits0

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в haproxy

In HAProxy versions 2.2 through 3.1.6, under certain unusual configurations, there is a heap-based buffer overflow due to improper handling of replacing multiple short patterns with a longer one...

6.8CVSS6.6AI score0.02113EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в haproxy

A issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. This issue can lead to a situation where the HTTP Host header is controlled by an attacker, due to a mismatch between the Host field and its corresponding authority value being mishandled...

7.5CVSS7.1AI score0.00467EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в haproxy

There is an integer overflow in HAProxy versions 2.0 to 2.5, specifically in the htxaddheader function, which can be exploited to perform an HTTP request smuggling attack. This allows an attacker to bypass all configured http-request HAProxy Access Control Lists and possibly other access control...

7.5CVSS7.4AI score0.92378EPSS

Exploits5References2

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в haproxy

Before version 2.7.3, HAProxy might allow a bypass of access control mechanisms, as HTTP/1 headers were inadvertently lost in certain situations, also known as “request smuggling.” The HTTP header parsers in HAProxy might accept empty header field names, which could be used to omit the list of HT...

9.1CVSS7.1AI score0.17535EPSS