CVE List

CVE-2021-40346

Critical 7.5

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

Published September 8, 2021.

Affected software

Reference links

Sign Up for Alerts