CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

CVE-2026-55203

HAProxy

Astra Linux - уязвимость в haproxy

A issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. A HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server would interpret this as a request for that protected resource, as in t...

Unity Linux 20.1060e / 20.1070e Security Update: haproxy (UTSA-2026-017416)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017416 advisory. An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host heade...

Unity Linux 20.1060e / 20.1070e Security Update: haproxy (UTSA-2026-017418)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017418 advisory. An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the...

Unity Linux 20.1060e / 20.1070e Security Update: haproxy (UTSA-2026-017423)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017423 advisory. An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by...

RHCOS 4 : OpenShift Container Platform 4.9.26 (RHSA-2022:1021)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1021 advisory. - haproxy: Denial of service via set-cookie2 header CVE-2022-0711 - workflow-cps: OS command execution through crafted SCM contents...

RHCOS 4 : OpenShift Container Platform 4.8.36 (RHSA-2022:1153)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:1153 advisory. - haproxy: Denial of service via set-cookie2 header CVE-2022-0711 Note that Nessus has not tested for this issue but has instead relied only ...

RHCOS 4 : OpenShift Container Platform 4.6.53 (RHSA-2022:0024)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0024 advisory. - haproxy: an HTTP method name may contain a space followed by the name of a protected resource CVE-2021-39241 - haproxy: request...

RHCOS 6 : haproxy (RHSA-2013:0729)

The remote Red Hat Enterprise Linux CoreOS 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2013:0729 advisory. - haproxy: rewrite rules flaw can lead to arbitrary code execution CVE-2013-1912 Note that Nessus has not tested for this issue but has inste...

RHCOS 3 : OpenShift Container Platform 3.9 haproxy (RHSA-2019:0547)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:0547 advisory. - haproxy: Out-of-bounds read in dns.c:dnsvalidatednsresponse allows for memory disclosure CVE-2018-20102 - haproxy: Mishandling of...

RHCOS 4 : OpenShift Container Platform 4.11.57 (RHSA-2024:0308)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0308 advisory. - haproxy: Proxy forwards malformed empty Content-Length headers CVE-2023-40225 Note that Nessus has not tested for this issue but has instea...

RHCOS 3 : OpenShift Container Platform 3.10 haproxy (RHSA-2019:0548)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:0548 advisory. - haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash CVE-2018-20615 Note that Nessus has not...

Astra Linux – Vulnerability in HAPProxy

Before version 2.7.3, HAProxy might allow a bypass of access control mechanisms, as HTTP/1 headers were inadvertently lost in certain situations, also known as “request smuggling.” The HTTP header parsers in HAProxy might accept empty header field names, which could be used to omit the list of HT...

Astra Linux – Vulnerability in HAPProxy

Before version 2.8.2, HAProxy allowed to be part of the URI component. This could allow remote attackers to obtain sensitive information or cause unspecified other issues due to misinterpretation of the pathend rule, such as routing index.html.png to a static server...

Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : HAProxy vulnerability (USN-8208-1)

The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8208-1 advisory. Martino Spagnuolo discovered that HAProxy did not check received body lengths in the HTTP/3 parser. A remote attacker could possibly use this...

HAProxy 安全漏洞

HAProxy is an open-source TCP/HTTP load balancing server developed by the French company HAProxy. This server provides layer-4 and layer-7 proxy services and can support thousands of connections. It features efficiency and stability. Prior to version 3.3.6, HAProxy had security vulnerabilities...

EulerOS 2.0 SP11 : haproxy (EulerOS-SA-2026-1580)

According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON...

Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2026-1608)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-8036-1: HAProxy vulnerability

Asim Viladi Oglu Manizada discovered that HAProxy incorrectly handled certain INITIAL packets. A remote attacker could possibly use this issue to cause HAProxy to crash, resulting in a denial of service...