CVE-2026-33555
An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be...
HAProxy Security Vulnerability
HAProxy is an open-source TCP/HTTP load balancing server developed by the French company HAProxy. This server provides layer-4 and layer-7 proxy services and can support thousands of connections. It features efficiency and stability. Prior to version 3.3.6, HAProxy had security vulnerabilities...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: rqlite, cloudnative-pg, opensearch-k8s-operator, crossplane-provider-azure-managedidentity, terraform-provider-aws, kubescape, harbor, victoriametrics-cluster, flannel, flux-operator, terraform-mcp-server, kube-state-metrics, sftpgo-plugin-pubsub, victoriametrics,...
GHSA-GJVH-7JH8-7XHM vulnerabilities
Vulnerabilities for packages: step-fips, falcoctl-fips, nri-apache-fips, kyverno-fips, request-1279-14, cilium-certgen-fips, prometheus-podman-exporter, secrets-store-csi-driver-provider-aws-fips, mig-parted-fips, rqlite, cloud-provider-gcp-cloud-controller-manager-fips, cloudnative-pg,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: step-fips, falcoctl-fips, nri-apache-fips, kyverno-fips, request-1279-14, cilium-certgen-fips, prometheus-podman-exporter, secrets-store-csi-driver-provider-aws-fips, mig-parted-fips, rqlite, cloud-provider-gcp-cloud-controller-manager-fips, cloudnative-pg,...
EUVD-2026-21294
wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...
CVE-2026-5501
wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...
Linux Distros Unpatched Vulnerability : CVE-2026-5501
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an...
CLEANSTART-2026-FZ57809 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 0.15.1-r0
Multiple security vulnerabilities affect the haproxy-ingress package. These issues are resolved in later releases. See references for individual vulnerability details...
curl: CRLF Injection in HAProxy PROXY Protocol via CURLOPT_HAPROXY_CLIENT_IP allows IP spoofing and protocol injection
Summary: CURLOPT_HAPROXY_CLIENT_IP introduced in curl 8.2.0 accepts arbitrary strings without any validation or sanitization before injecting them into the HAProxy PROXY protocol v1 header. An attacker who can influence the value passed to this option e.g., through a web application that proxies...
randstad-linux-azure-architect-poc
Randstad Azure Linux Architect — POC GitHub: https://gith...
CTF As a Service: A Reproducible and Scalable Infrastructure for Cybersecurity Training
Capture The Flag (CTF) competitions have established themselves as a highly effective pedagogical tool in cybersecurity education, offering students hands-on experience in realistic attack and defense scenarios. However, organizing and hosting these events requires considerable infrastructure effor...
Advisory ROSA-SA-2026-3253
Software: haproxy 3.2.13 WASP: ROSA-CHROME unaffected versions = haproxy-3.2.13-1 affected versions haproxy-3.2.13-1 CVE-ID: CVE-2025-11230 BDU-ID: 2025-13169 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the HAProxy server software is related to algorithmic complexity. Exploitation of the...
CVE-2026-27811 Roxy-WI has a Command Injection via diff parameter in config comparison allows authenticated RCE
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.3, a command injection vulnerability exists in the /config/compare///show endpoint, allowing authenticated users to execute arbitrary system commands on the app host. The vulnerability...
EulerOS 2.0 SP11 : haproxy (EulerOS-SA-2026-1580)
According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON...
Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2026-1580)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for haproxy (EulerOS-SA-2026-1608)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP11 : haproxy (EulerOS-SA-2026-1608)
According to the versions of the haproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Inefficient algorithm complexity in mjson in HAProxy allows remote attackers to cause a denial of service via specially crafted JSON...
openSUSE 16 Security Update : haproxy (openSUSE-SU-2026:20290-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20290-1 advisory. - Update to version 3.2.12+git0.6011f448e - CVE-2026-26081: Fixed a DOS vulnerability in QUIC. bsc1257976 - CVE-2026-26080: Fixed a DOS...
Security update for haproxy (moderate)
openSUSE security update: security update for haproxy ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20290-1 Rating: moderate References: bsc1257521 bsc1257976 Cross-References: CVE-2026-26080 CVE-2026-26081 CVSS scores: CVE-2026-26080 SUSE : 7.5...