CVE-2026-55203 | HAProxy through 3.4.0, fixed in commit 5985276, contains an … | CVSS 7.5 HIGH

Description

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record consumption and allowing malicious FastCGI backends to desynchronize the FCGI framing parser, potentially causing request routing errors, response smuggling, or memory safety issues.

Metadata

CVE ID: CVE-2026-55203
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-16 15:53 UTC
Published: 2026-06-18 16:05 UTC
Last updated: 2026-06-18 16:05 UTC
Primary CWE: CWE-190
Integer Overflow or Wraparound
Vendor / Product: haproxy / haproxy
Sources: cve.org · NVD

Severity & Metrics

7.5 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

Affected products (1)

Vendor	Product	Platform	Versions
haproxy	haproxy	—	0 ≤ 3.4.0, 5985276735777634d8c85f1d73bb7764aab0d6dd

Weakness (CWE)

CWE	Source	Description
CWE-190	cna	Integer Overflow or Wraparound

CVSS scores (2)

Score	Severity	Version	Source	Vector
9.0	CRITICAL	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
7.5	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

References (2)