UBUNTU-CVE-2026-55203

Source
https://ubuntu.com/security/CVE-2026-55203
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55203.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-55203
Upstream
  • CVE-2026-55203
Downstream
Related
Published
2026-06-19T00:00:00Z
Modified
2026-06-29T13:56:54.719512537Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • 9.0 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:L/SI:H/SA:N
  • Ubuntu - medium
Summary
[none]
Details

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow in the drl field of the fcgi_conn structure that causes buffered data to be misparsed as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, so the record is consumed incorrectly. A malicious FastCGI backend can use this to desynchronize the FCGI framing parser, potentially causing request routing errors, response smuggling, or memory safety issues.
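The wrap described above, shown in a toy record walker beside a widened length field. This is an added example, not HAProxy code or the fix from commit 5985276. The 16-bit width of the length field is an assumption inferred from the stated wrap, and all function names and the sample buffer are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FCGI_HDR_LEN 8 /* version, type, requestId(2), contentLength(2), paddingLength, reserved */

/* Record length kept in a 16-bit field (assumed width): 65535 + 1 wraps to 0. */
static uint16_t record_len_narrow(uint16_t content_len, uint8_t padding_len) {
    return (uint16_t)(content_len + padding_len);
}

/* Same sum in 32 bits: the maximum is 65535 + 255 = 65790, so it cannot wrap. */
static uint32_t record_len_wide(uint16_t content_len, uint8_t padding_len) {
    return (uint32_t)content_len + padding_len;
}

/* Walk back-to-back records and count how many headers the parser believes it saw. */
static size_t count_records(const uint8_t *buf, size_t len, int narrow) {
    size_t off = 0, n = 0;
    while (len - off >= FCGI_HDR_LEN) {
        uint16_t clen = (uint16_t)((buf[off + 4] << 8) | buf[off + 5]);
        uint8_t plen = buf[off + 6];
        uint32_t drl = narrow ? record_len_narrow(clen, plen) : record_len_wide(clen, plen);
        off += FCGI_HDR_LEN;
        n++;
        if (drl > len - off)
            break; /* record body not fully buffered */
        off += drl;
    }
    return n;
}

/* Constructed sample: a single record, contentLength 65535, paddingLength 1, zero-filled body. */
static uint8_t sample[FCGI_HDR_LEN + 65535 + 1];

static size_t demo(int narrow) {
    memset(sample, 0, sizeof(sample));
    sample[0] = 1; sample[1] = 6;        /* version 1, type FCGI_STDOUT */
    sample[3] = 1;                       /* requestId = 1 */
    sample[4] = 0xff; sample[5] = 0xff;  /* contentLength = 65535 */
    sample[6] = 1;                       /* paddingLength = 1 */
    return count_records(sample, sizeof(sample), narrow);
}

int main(void) {
    printf("wide: %zu record(s), narrow: %zu record(s)\n", demo(0), demo(1));
    return 0;
}
```

With the wide field the buffer is read as the single record it contains; with the narrow field every 8 bytes of the record body are reinterpreted as a header, which is the framing desynchronization the advisory describes.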

References

Affected packages

Ubuntu:20.04:LTS
haproxy

Package

Name
haproxy
Purl
pkg:deb/ubuntu/haproxy?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*
2.0.5-1
2.0.8-1
2.0.9-1
2.0.10-1
2.0.10-1ubuntu1
2.0.11-1ubuntu1
2.0.12-1ubuntu2
2.0.13-1ubuntu2
2.0.13-2
2.0.13-2ubuntu0.1
2.0.13-2ubuntu0.2
2.0.13-2ubuntu0.3
2.0.13-2ubuntu0.5
2.0.29-0ubuntu1
2.0.29-0ubuntu1.1
2.0.29-0ubuntu1.3
2.0.31-0ubuntu0.1
2.0.31-0ubuntu0.2
2.0.31-0ubuntu0.3
2.0.33-0ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.0.33-0ubuntu0.1",
            "binary_name": "haproxy"
        },
        {
            "binary_version": "2.0.33-0ubuntu0.1",
            "binary_name": "vim-haproxy"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55203.json"
Ubuntu:22.04:LTS
haproxy

Package

Name
haproxy
Purl
pkg:deb/ubuntu/haproxy?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.30-0ubuntu0.22.04.2

Affected versions

2.*
2.2.9-2ubuntu2
2.4.8-1
2.4.8-2ubuntu3
2.4.11-1ubuntu1
2.4.12-1ubuntu1
2.4.12-1ubuntu2
2.4.13-1ubuntu1
2.4.14-1ubuntu1
2.4.18-0ubuntu1
2.4.18-0ubuntu1.1
2.4.18-0ubuntu1.2
2.4.18-0ubuntu1.3
2.4.22-0ubuntu0.22.04.1
2.4.22-0ubuntu0.22.04.2
2.4.22-0ubuntu0.22.04.3
2.4.24-0ubuntu0.22.04.1
2.4.24-0ubuntu0.22.04.2
2.4.24-0ubuntu0.22.04.3
2.4.29-0ubuntu0.22.04.1
2.4.30-0ubuntu0.22.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "2.4.30-0ubuntu0.22.04.2",
            "binary_name": "haproxy"
        },
        {
            "binary_version": "2.4.30-0ubuntu0.22.04.2",
            "binary_name": "vim-haproxy"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55203.json"
Ubuntu:24.04:LTS
haproxy

Package

Name
haproxy
Purl
pkg:deb/ubuntu/haproxy?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.8.16-0ubuntu0.24.04.3

Affected versions

2.*
2.6.15-1ubuntu2
2.8.5-1ubuntu1
2.8.5-1ubuntu2
2.8.5-1ubuntu3
2.8.5-1ubuntu3.1
2.8.5-1ubuntu3.2
2.8.5-1ubuntu3.3
2.8.5-1ubuntu3.4
2.8.15-0ubuntu0.24.04.1
2.8.16-0ubuntu0.24.04.1
2.8.16-0ubuntu0.24.04.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "2.8.16-0ubuntu0.24.04.3",
            "binary_name": "haproxy"
        },
        {
            "binary_version": "2.8.16-0ubuntu0.24.04.3",
            "binary_name": "vim-haproxy"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55203.json"
Ubuntu:25.10
haproxy

Package

Name
haproxy
Purl
pkg:deb/ubuntu/haproxy?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.12-0ubuntu0.25.10.5

Affected versions

3.*
3.0.8-1ubuntu1
3.0.8-1ubuntu1.1
3.0.10-1ubuntu1
3.0.10-1ubuntu2
3.0.10-1ubuntu3
3.0.12-0ubuntu0.25.10.1
3.0.12-0ubuntu0.25.10.3
3.0.12-0ubuntu0.25.10.4

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.0.12-0ubuntu0.25.10.5",
            "binary_name": "haproxy"
        },
        {
            "binary_version": "3.0.12-0ubuntu0.25.10.5",
            "binary_name": "vim-haproxy"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55203.json"
Ubuntu:26.04:LTS
haproxy

Package

Name
haproxy
Purl
pkg:deb/ubuntu/haproxy?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.2.9-1ubuntu2.2

Affected versions

3.*
3.0.10-1ubuntu3
3.2.9-1ubuntu1
3.2.9-1ubuntu2
3.2.9-1ubuntu2.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.2.9-1ubuntu2.2",
            "binary_name": "haproxy"
        },
        {
            "binary_version": "3.2.9-1ubuntu2.2",
            "binary_name": "vim-haproxy"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55203.json"
Ubuntu:Pro:16.04:LTS
haproxy

Package

Name
haproxy
Purl
pkg:deb/ubuntu/haproxy?arch=source&distro=esm-infra%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*
1.5.14-1
1.5.15-1
1.6.2-1
1.6.2-2
1.6.2-2ubuntu1
1.6.2-2ubuntu3
1.6.3-1
1.6.3-1ubuntu0.1
1.6.3-1ubuntu0.2
1.6.3-1ubuntu0.3
1.6.3-1ubuntu0.3+esm1
1.6.3-1ubuntu0.3+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.6.3-1ubuntu0.3+esm2",
            "binary_name": "haproxy"
        },
        {
            "binary_version": "1.6.3-1ubuntu0.3+esm2",
            "binary_name": "vim-haproxy"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55203.json"
Ubuntu:Pro:18.04:LTS
haproxy

Package

Name
haproxy
Purl
pkg:deb/ubuntu/haproxy?arch=source&distro=esm-infra%2Fbionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*
1.7.9-1ubuntu1
1.7.9-1ubuntu2
1.8.4-1
1.8.7-1
1.8.8-1
1.8.8-1ubuntu0.1
1.8.8-1ubuntu0.2
1.8.8-1ubuntu0.3
1.8.8-1ubuntu0.4
1.8.8-1ubuntu0.6
1.8.8-1ubuntu0.7
1.8.8-1ubuntu0.8
1.8.8-1ubuntu0.9
1.8.8-1ubuntu0.10
1.8.8-1ubuntu0.11
1.8.8-1ubuntu0.13
1.8.8-1ubuntu0.13+esm2
1.8.8-1ubuntu0.13+esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.8.8-1ubuntu0.13+esm3",
            "binary_name": "haproxy"
        },
        {
            "binary_version": "1.8.8-1ubuntu0.13+esm3",
            "binary_name": "vim-haproxy"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-55203.json"