Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Mageia 9 haproxy Important Request Smuggling Vulnerability MGASA-2026-0146

mageia
Calendar Grey May 17, 2026
Dist Mageia Esm H88
Updated haproxy packages in Mageia address critical HTTP/3 parser issue potentially compromising data integrity.

MGASA-2026-0146 - Updated haproxy packages fix security vulnerability

Summary

Description: The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. (CVE-2026-33555)

References

- https://bugs.mageia.org/show_bug.cgi?id=35416

- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/B3PXHUYDTDFG5IIQSPNJLLIEQV4Z5WK6/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33555

Resolution

SRPMS

- 9/core/haproxy-2.8.18-1.1.mga9

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 16 May 2026
URL: https://advisories.mageia.org/MGASA-2026-0146.html
Type: security
CVE: CVE-2026-33555

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here