PatchSiren cyber security CVE debrief
CVE-2026-55204 haproxy CVE debrief
CVE-2026-55204 is a high-severity vulnerability in HAProxy, a popular open-source load balancer. The vulnerability, caused by a null pointer dereference in the hpack_dht_insert() function, allows an attacker to crash HAProxy worker processes, leading to a denial of service (DoS). This vulnerability affects HAProxy versions up to 3.4.0 and was fixed in commit 9a6d1fe. An attacker can exploit this vulnerability by triggering HPACK dynamic table insertions under memory pressure, causing the program to dereference a NULL pointer.
- Vendor: haproxy
- Product: Unknown
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-18
- Original CVE updated: 2026-06-22
- Advisory published: 2026-06-18
- Advisory updated: 2026-06-22
Who should care
Administrators and users of HAProxy, particularly those using versions up to 3.4.0, should be aware of this vulnerability and take immediate action to patch or mitigate it. This vulnerability has a high CVSS score of 8.7, indicating a significant risk to affected systems.
Technical summary
The vulnerability is caused by a null pointer dereference in the hpack_dht_insert() function within src/hpack-tbl.c. The function fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. An attacker can exploit this vulnerability by triggering HPACK dynamic table insertions under memory pressure, causing the program to dereference a NULL pointer and crash HAProxy worker processes.
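The following is a constructed C model of the defect class described above, added to this debrief as an illustration. It is not HAProxy's code and not the fix from commit 9a6d1fe; the names struct dht, dht_defrag(), dht_insert() and pool_exhausted are assumptions made for the example. The point it shows is the one in the summary: a defrag helper that returns NULL under memory pressure, and an insert path that checks that return value and refuses the entry instead of dereferencing NULL.

```c
#include <stddef.h>
#include <string.h>
/* Constructed model of an HPACK dynamic table insert; not HAProxy's code.
 * It isolates the defect class in the advisory: a defrag helper that returns
 * NULL under memory pressure, and an insert path that must check it. */
#define DHT_SIZE 64
struct dht {
    char buf[DHT_SIZE]; /* header bytes; evictions leave dead space at the front */
    size_t used;        /* bytes occupied, dead space included */
    size_t dead;        /* dead bytes at the front, reclaimable by defrag */
};
int pool_exhausted = 0; /* constructed stand-in for the pool: non-zero = exhausted */

/* Hypothetical defrag: compacts live entries to the front, or returns NULL
 * when the pool cannot supply the scratch memory it needs. */
struct dht *dht_defrag(struct dht *dht)
{
    if (pool_exhausted)
        return NULL; /* the value the vulnerable caller never checked */
    memmove(dht->buf, dht->buf + dht->dead, dht->used - dht->dead);
    dht->used -= dht->dead;
    dht->dead = 0;
    return dht;
}

/* Hardened insert: 0 on success, -1 if the entry cannot be stored. The caller
 * should turn -1 into a connection-level error rather than let the worker die. */
int dht_insert(struct dht *dht, const char *data, size_t len)
{
    if (dht->used + len > DHT_SIZE) {
        if (dht->used - dht->dead + len > DHT_SIZE)
            return -1; /* would not fit even when compacted (toy: no eviction) */
        dht = dht_defrag(dht);
        if (dht == NULL)
            return -1; /* the missing check: without it, a NULL dereference follows */
    }
    memcpy(dht->buf + dht->used, data, len);
    dht->used += len;
    return 0;
}

/* Scenario: a table full of dead space receives a 16-byte entry, with the
 * pool either healthy (0) or exhausted (1). Returns dht_insert's result. */
int scenario(int exhausted)
{
    struct dht t = {{0}, DHT_SIZE, DHT_SIZE};
    char entry[16] = "x";
    pool_exhausted = exhausted;
    return dht_insert(&t, entry, sizeof entry);
}
```

With a healthy pool the entry is stored after compaction; with the pool exhausted the insert is refused and the process keeps running, which is the behaviour the fix must guarantee.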
Defensive priority
High
Recommended defensive actions
- Patch HAProxy to version 3.4.0 or later, or apply the fix from commit 9a6d1fe.
- Limit memory usage and monitor memory pressure to prevent exploitation.
- Implement rate limiting on HPACK dynamic table insertions.
- Monitor HAProxy logs for signs of potential exploitation.
- Consider using a Web Application Firewall (WAF) to detect and prevent attacks.
- Regularly update and patch HAProxy to prevent exploitation of known vulnerabilities.
Evidence notes
The vulnerability was reported by Vulncheck and is publicly documented in the NVD database. The CVE record and NVD detail pages provide additional information on the vulnerability. [ref-4] and [ref-5] provide source references for the vulnerability.
Official resources
CVE-2026-55204 was published on 2026-06-18T17:16:34.567Z and modified on 2026-06-18T18:16:20.077Z.