Known Vulnerabilities for products from HAProxy
Listed below are 20 of the newest known vulnerabilities associated with the vendor "HAProxy".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33555 json | Not Provided | 2026-04-13 | 2026-04-14 | |
| CVE-2026-5501 json | Not Provided | 2026-04-10 | 2026-04-10 | |
| CVE-2023-45539 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.2 - HIGH | 2023-11-28 | 2023-12-04 |
| CVE-2023-40225 json | HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x ... | 7.2 - HIGH | 2023-08-10 | 2023-08-18 |
| CVE-2023-25950 json | HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter ... | 7.3 - HIGH | 2023-04-11 | 2023-11-07 |
| CVE-2023-25725 json | HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, a... | 9.1 - CRITICAL | 2023-02-14 | 2023-11-07 |
| CVE-2023-0836 json | An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11... | 7.5 - HIGH | 2023-03-29 | 2023-11-07 |
| CVE-2023-0056 json | An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could ... | 6.5 - MEDIUM | 2023-03-23 | 2023-04-03 |
| CVE-2022-0711 json | A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an at... | 7.5 - HIGH | 2022-03-02 | 2023-11-07 |
| CVE-2021-40346 json | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smug... | 7.5 - HIGH | 2021-09-08 | 2023-11-07 |
| CVE-2021-39242 json | An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation wit... | 7.5 - HIGH | 2021-08-17 | 2023-11-07 |
| CVE-2021-39241 json | An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP met... | 5.3 - MEDIUM | 2021-08-17 | 2023-11-07 |
| CVE-2021-39240 json | An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the sc... | 7.5 - HIGH | 2021-08-17 | 2023-11-07 |
| CVE-2020-11100 json | In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write ... | 8.8 - HIGH | 2020-04-02 | 2023-11-07 |
| CVE-2019-19330 json | The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), li... | 9.8 - CRITICAL | 2019-11-27 | 2023-11-07 |
| CVE-2019-18277 json | A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked"... | 7.5 - HIGH | 2019-10-23 | 2023-11-07 |
| CVE-2019-14243 json | headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.... | 7.5 - HIGH | 2019-07-23 | 2019-12-16 |
| CVE-2019-14241 json | HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_... | 7.5 - HIGH | 2019-07-23 | 2020-08-24 |
| CVE-2019-11323 json | HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC k... | 5.9 - MEDIUM | 2019-05-09 | 2023-11-07 |
| CVE-2018-20615 json | An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can ... | 7.5 - HIGH | 2019-03-21 | 2023-11-07 |
Known software with vulnerabilities from HAProxy
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Haproxy | Haproxy | - |
| Application | Haproxy | Proxyprotocol | - |