CVE-2026-55203
Publication date 19 June 2026
Last updated 25 June 2026
Ubuntu priority
CVSS 3 severity score: 7.5 · High
Description
HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow in the drl field of the fcgi_conn structure, which holds the length of the FastCGI record body (contentLength plus paddingLength) still to be consumed. When a record from the backend carries a contentLength of 65535 and a paddingLength of 1 or more, the 16-bit sum wraps (to 0 for a paddingLength of 1), so the demultiplexer consumes too few bytes and the remaining record body is misparsed as new FCGI record headers. A malicious or compromised FastCGI backend can use this to desynchronize HAProxy's FCGI framing parser, potentially causing request routing errors, response smuggling, or memory safety issues. Note the trust boundary: the attacker controls the backend, not the client.
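The wrap described above, shown as an added example that is not HAProxy's code: a minimal FCGI record demultiplexer in C whose body-length accounting can be kept either in 16 bits (the pre-fix behaviour the advisory describes) or in size_t (the hardened form), run against a constructed backend response. The `fcgi_demux`, `build_malicious` and `run_demo` names, the modelling of drl as a 16-bit sum of contentLength and paddingLength, and the forged END_REQUEST header placed at the start of the record body are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* FastCGI record header: version, type, requestId (BE16), contentLength (BE16),
 * paddingLength, reserved. A full record is 8 + contentLength + paddingLength
 * bytes, up to 65798, which does not fit in a 16-bit length field. */
#define FCGI_HDR_LEN     8
#define FCGI_VERSION_1   1
#define FCGI_END_REQUEST 3
#define FCGI_STDOUT      6

struct fcgi_hdr {
    uint8_t  type;
    uint16_t id;   /* requestId */
    uint16_t len;  /* contentLength */
    uint8_t  pad;  /* paddingLength */
};

struct demux_result {
    int records;          /* records the demuxer believed it consumed */
    struct fcgi_hdr last; /* header of the last record it accepted */
};

static int decode_hdr(const uint8_t *p, struct fcgi_hdr *h)
{
    if (p[0] != FCGI_VERSION_1)
        return 0;
    h->type = p[1];
    h->id   = (uint16_t)((p[2] << 8) | p[3]);
    h->len  = (uint16_t)((p[4] << 8) | p[5]);
    h->pad  = p[6];
    return 1;
}

/* Walk a buffer of complete FCGI records received from a backend.
 * wide_drl == 0: remaining body length kept in 16 bits (models the wrap in
 *                the advisory; an assumption of this example, not HAProxy's code).
 * wide_drl == 1: remaining body length kept in size_t (the hardened form). */
static struct demux_result fcgi_demux(const uint8_t *buf, size_t avail, int wide_drl)
{
    struct demux_result r;
    size_t off = 0;

    memset(&r, 0, sizeof(r));
    while (avail - off >= FCGI_HDR_LEN) {
        struct fcgi_hdr h;
        size_t drl;

        if (!decode_hdr(buf + off, &h))
            break;                           /* not a record header: stop */
        off += FCGI_HDR_LEN;
        if (wide_drl)
            drl = (size_t)h.len + h.pad;     /* 65535 + 1 = 65536 */
        else
            drl = (uint16_t)(h.len + h.pad); /* 65535 + 1 wraps to 0 */
        if (drl > avail - off)
            break;                           /* body incomplete, wait for more */
        off += drl;                          /* skip content + padding */
        r.records++;
        r.last = h;
    }
    return r;
}

/* Constructed backend response (not a captured sample): one STDOUT record for
 * request 1 with contentLength 65535 and paddingLength 1, whose body opens with
 * a forged END_REQUEST header for request 2. */
#define MAL_LEN (FCGI_HDR_LEN + 65535 + 1)

static void build_malicious(uint8_t *b)
{
    uint8_t *forged = b + FCGI_HDR_LEN;

    memset(b, 0, MAL_LEN);
    b[0] = FCGI_VERSION_1; b[1] = FCGI_STDOUT;
    b[2] = 0;    b[3] = 1;         /* requestId 1 */
    b[4] = 0xff; b[5] = 0xff;      /* contentLength 65535 */
    b[6] = 1;                      /* paddingLength 1 */
    forged[0] = FCGI_VERSION_1; forged[1] = FCGI_END_REQUEST;
    forged[2] = 0; forged[3] = 2;  /* requestId 2: a different request */
    forged[4] = 0; forged[5] = 8;  /* contentLength 8, no padding */
}

static struct demux_result run_demo(int wide_drl)
{
    struct demux_result r;
    uint8_t *buf = malloc(MAL_LEN);

    memset(&r, 0, sizeof(r));
    if (!buf)
        return r;
    build_malicious(buf);
    r = fcgi_demux(buf, MAL_LEN, wide_drl);
    free(buf);
    return r;
}

static int demo_records(int wide_drl)   { return run_demo(wide_drl).records; }
static int demo_last_type(int wide_drl) { return run_demo(wide_drl).last.type; }
static int demo_last_id(int wide_drl)   { return run_demo(wide_drl).last.id; }

int main(void)
{
    printf("16-bit drl: %d records, last type %d for request %d\n",
           demo_records(0), demo_last_type(0), demo_last_id(0));
    printf("size_t drl: %d records, last type %d for request %d\n",
           demo_records(1), demo_last_type(1), demo_last_id(1));
    return 0;
}
```

With the 16-bit accounting the demuxer accepts two records, the second being the forged END_REQUEST for request 2 that was really part of request 1's STDOUT body; with size_t accounting it skips the whole 65536-byte body and sees exactly one record. This parser is only reachable when HAProxy is configured to talk FastCGI to a backend (an fcgi-app section bound with use-fcgi-app), so deployments without FastCGI backends are not exercising the affected code path; to check a host against the fixed versions in the status table, compare `dpkg-query -W haproxy` with the version listed for its release.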
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| haproxy | 26.04 LTS resolute | Fixed (3.2.9-1ubuntu2.2) |
| haproxy | 25.10 questing | Fixed (3.0.12-0ubuntu0.25.10.5) |
| haproxy | 24.04 LTS noble | Fixed (2.8.16-0ubuntu0.24.04.3) |
| haproxy | 22.04 LTS jammy | Fixed (2.4.30-0ubuntu0.22.04.2) |
| haproxy | 20.04 LTS focal | Needs evaluation |
| haproxy | 18.04 LTS bionic | Needs evaluation |
| haproxy | 16.04 LTS xenial | Needs evaluation |
Severity score breakdown
CVSS version: 4.0
Base score: 9.0 · Critical
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
CVSS version: 3.1
Base score: 7.5 · High
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
References
Related Ubuntu Security Notices (USN)
- USN-8459-1: HAProxy vulnerabilities (22 June 2026)