HAProxy Aloha
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in HAProxy Aloha.
By the Year
In 2026 there have been 2 vulnerabilities in HAProxy Aloha with an average score of 7.5 out of ten.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 7.50 |
It may take a day or so for new Aloha vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent HAProxy Aloha Security Vulnerabilities
HAProxy 3.4.0 Null Pointer Deref in hpack_dht_insert() DoS
CVE-2026-55204
7.5 - High
- June 18, 2026
HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memory pressure to dereference a NULL pointer and crash HAProxy worker processes, causing denial of service.
NULL Pointer Dereference
HAProxy <3.4.0 Integer Overflow in FastCGI Conn drl Field
CVE-2026-55203
7.5 - High
- June 18, 2026
HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record consumption and allowing malicious FastCGI backends to desynchronize the FCGI framing parser, potentially causing request routing errors, response smuggling, or memory safety issues.
Integer Overflow or Wraparound
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for HAProxy Aloha or by HAProxy? Click the Watch button to subscribe.
