HAProxy could be made to expose sensitive information over the network.
Software Description:
- haproxy: fast and reliable load balancing reverse proxy
Details:
Martino Spagnuolo discovered that HAProxy did not check received body
lengths in the HTTP/3 parser. A remote attacker could possibly use this
issue to perform a request smuggling attack and obtain sensitive
information.
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 haproxy 3.0.12-0ubuntu0.25.10.4 Ubuntu 24.04 LTS haproxy 2.8.16-0ubuntu0.24.04.2 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-8208-1
CVE-2026-33555
Get the latest Linux and open source security news straight to your inbox.