PatchSiren

CVE-2026-55203 haproxy CVE debrief

A critical vulnerability, CVE-2026-55203, has been disclosed in HAProxy, the widely used open-source load balancer and proxy. It is an integer overflow in the FastCGI (FCGI) record parser affecting HAProxy versions up to 3.4.0: a malicious or compromised FastCGI backend can send a record whose length fields wrap the parser's remaining-length counter to zero, desynchronizing the FCGI framing. Successful exploitation could lead to request routing errors, response smuggling, or memory safety issues. The vulnerability carries a CVSS score of 9, which is critical severity. Note the attack position: the malformed records arrive from the FastCGI backend side, not directly from clients, so the attacker must control or have compromised an application server that HAProxy proxies to. Users of affected versions should take immediate action. The issue was fixed in an upstream commit; the official CVE record and NVD entry carry the full references.

Vendor
haproxy
Product
Unknown
CVSS
CRITICAL 9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-18
Original CVE updated
2026-06-23
Advisory published
2026-06-18
Advisory updated
2026-06-23

Who should care

Administrators of HAProxy versions up to 3.4.0 that proxy to FastCGI application servers (HAProxy's FastCGI backend support) should treat this as a critical issue. Because the malformed records originate from the backend, exposure is greatest where the backend applications are untrusted, multi-tenant, shared with other teams, or otherwise reachable by a third party. Deployments that never proxy to FastCGI backends do not exercise the affected parser, but should still schedule the upgrade.

Technical summary

CVE-2026-55203 is an integer overflow in the drl field of HAProxy's fcgi_conn structure, the counter that tracks how much of the current FastCGI record remains to be consumed. A FastCGI record header carries a 16-bit contentLength and an 8-bit paddingLength; when contentLength is 65535 and paddingLength is 1 or more, their sum no longer fits in the field and drl wraps to 0. The parser then consumes the wrong number of bytes, so subsequent payload bytes can be interpreted as record headers, allowing a malicious FastCGI backend to desynchronize the FCGI framing parser. Potential impacts include request routing errors, response smuggling, or memory safety issues. The vulnerability was fixed in commit 5985276.
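As an added illustration of the wrap described above (this is not HAProxy's code and not the patched function; the struct and function names, the 16-bit type of the remaining-length counter, and the constructed byte stream are assumptions built from the CVE description), the block below decodes FastCGI record headers, computes the remaining length both with a 16-bit counter and with a widened one, and walks a constructed two-record stream with each to show exactly where the framing is lost.

```c
/* Added illustration for this debrief, not HAProxy's code. Names, the 16-bit
 * remaining-length counter ("drl") and the byte stream are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FCGI_HEADER_LEN 8
#define FCGI_VERSION_1  1
#define FCGI_STDOUT     6
/* Constructed stream: one record with contentLength 65535 and paddingLength 1,
 * followed by a second, empty record. */
#define FCGI_DEMO_LEN   (FCGI_HEADER_LEN + 65535 + 1 + FCGI_HEADER_LEN)

struct fcgi_hdr {
    uint8_t  version;
    uint8_t  type;
    uint16_t request_id;
    uint16_t content_len;  /* 16-bit field on the wire */
    uint8_t  padding_len;  /* 8-bit field on the wire */
};

/* Decode the 8-byte big-endian FastCGI record header at p; 0 if too short. */
static int fcgi_decode_hdr(const uint8_t *p, size_t avail, struct fcgi_hdr *h)
{
    if (avail < FCGI_HEADER_LEN) return 0;
    h->version     = p[0];
    h->type        = p[1];
    h->request_id  = (uint16_t)((p[2] << 8) | p[3]);
    h->content_len = (uint16_t)((p[4] << 8) | p[5]);
    h->padding_len = p[6];
    return 1;
}

/* Vulnerable pattern: remaining record length held in 16 bits, so
 * 65535 + 1 wraps to 0 and the parser consumes nothing of the body. */
static uint16_t drl_vulnerable(const struct fcgi_hdr *h)
{
    return (uint16_t)(h->content_len + h->padding_len);
}

/* Hardened pattern: widen before adding. The maximum 65535 + 255 = 65790
 * always fits, so the counter can never wrap. */
static uint32_t drl_fixed(const struct fcgi_hdr *h)
{
    return (uint32_t)h->content_len + (uint32_t)h->padding_len;
}

/* Walk the records in buf, skipping each body with the chosen length math.
 * Returns the number of headers parsed, or -1 as soon as a byte that is not a
 * header (version != 1) is read as one: the framing has been lost. */
static int fcgi_count_records(const uint8_t *buf, size_t len, int wide)
{
    size_t off = 0;
    int n = 0;
    struct fcgi_hdr h;
    while (fcgi_decode_hdr(buf + off, len - off, &h)) {
        if (h.version != FCGI_VERSION_1) return -1;
        n++;
        off += FCGI_HEADER_LEN + (wide ? drl_fixed(&h) : drl_vulnerable(&h));
        if (off > len) break;
    }
    return n;
}

/* Write an FCGI_STDOUT header for requestId 1 with the given lengths. */
static void fcgi_put_hdr(uint8_t *p, uint16_t clen, uint8_t plen)
{
    p[0] = FCGI_VERSION_1;
    p[1] = FCGI_STDOUT;
    p[2] = 0; p[3] = 1;
    p[4] = (uint8_t)(clen >> 8); p[5] = (uint8_t)(clen & 0xff);
    p[6] = plen;
    p[7] = 0;  /* reserved */
}

/* Remaining-length value each pattern computes for the wrapping header. */
static uint32_t fcgi_demo_drl(int wide)
{
    struct fcgi_hdr h = { FCGI_VERSION_1, FCGI_STDOUT, 1, 65535, 1 };
    return wide ? drl_fixed(&h) : drl_vulnerable(&h);
}

/* Parse the constructed stream with each pattern: the widened math sees both
 * records; the 16-bit math reads the 0xAA body bytes as a header and fails. */
static int fcgi_demo_records(int wide)
{
    uint8_t *buf = malloc(FCGI_DEMO_LEN);
    if (!buf) return -2;
    fcgi_put_hdr(buf, 65535, 1);
    memset(buf + FCGI_HEADER_LEN, 0xAA, 65535 + 1);  /* body + 1 padding byte */
    fcgi_put_hdr(buf + FCGI_HEADER_LEN + 65536, 0, 0);
    int n = fcgi_count_records(buf, FCGI_DEMO_LEN, wide);
    free(buf);
    return n;
}

int main(void)
{
    printf("drl 16-bit: %u, widened: %u\n", fcgi_demo_drl(0), fcgi_demo_drl(1));
    printf("records parsed, vulnerable: %d, fixed: %d\n",
           fcgi_demo_records(0), fcgi_demo_records(1));
    return 0;
}
```

The walker is deliberately minimal: a real parser also buffers partial records and dispatches on type, but the desynchronization mechanism is entirely in the two length computations, which is why the fix is to widen the counter (or reject headers whose sum would not fit) rather than to validate anything downstream.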

Defensive priority

high

Recommended defensive actions

  • Upgrade HAProxy to a release that contains commit 5985276 (a version beyond 3.4.0), or backport that fix to the build you run.
  • Restrict which FastCGI backends HAProxy talks to: only trusted, hardened application servers on controlled networks, since the malformed records originate from the backend side.
  • Review HAProxy logs for backend-side errors on FastCGI backends (502 responses, server-side abort or invalid-response termination states). The debrief provides no specific detection signatures, so treat these as generic indicators of an upset backend rather than proof of exploitation.
  • Do not rely on a client-facing Web Application Firewall (WAF) as a mitigation: it inspects client requests, not the FastCGI records flowing from the backend to HAProxy. It may still help against follow-on request or response smuggling, but it does not replace the patch.
  • Review and update incident response plans for the impacts listed above: misrouted requests, smuggled responses, and proxy crashes.
  • Where the upgrade cannot be applied immediately, isolate or take out of service the HAProxy instances that front untrusted FastCGI backends.

Evidence notes

The information above is based on the CVE record and NVD details. The vulnerability was disclosed by Vulncheck and fixed in a commit to the HAProxy project; the CVE record and NVD entry carry the full references, and no CISA KEV listing appears in the stored evidence.
