CVE Tools

haproxy

Networking InfrastructureFRoss-project

10

Cumulative CVEs

7

Monthly snapshots

#67

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting haproxy.

CVE-2026-55204HAProxy - NULL Pointer Dereference in hpack_dht_insert Function7.5Jun 18, 2026
CVE-2026-55203HAProxy - Integer Overflow in FCGI Demux Record Length Field7.5Jun 18, 2026
CVE-2026-33555An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame w...4.0Apr 13, 2026
CVE-2025-11230Denial of service vulnerability in HAProxy mjson library7.5Nov 19, 2025
CVE-2025-59303HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining a...6.4Oct 8, 2025
CVE-2025-32464HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer...6.8Apr 9, 2025
CVE-2024-45506HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as ex...7.5Sep 4, 2024
CVE-2023-45539HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end...8.2Nov 28, 2023
CVE-2023-40225HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length head...7.2Aug 10, 2023
CVE-2023-25950HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensit...7.3Apr 11, 2023
CVE-2023-0836An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitializ...7.5Mar 29, 2023
CVE-2023-0056An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malici...6.5Mar 23, 2023
CVE-2023-25725HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept em...9.1Feb 14, 2023
CVE-2022-0711A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite l...7.5Mar 2, 2022
CVE-2021-40346An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request...7.5Sep 8, 2021