HAProxy HTTP/3 parser lets one empty packet smuggle requests
CVE-2026-33555: HAProxy HTTP/3 parser skips body size validation on stream close. One zero-byte QUIC DATA frame enables request smuggling. Patch via DSA-6291.
Haproxy
1 article tagged #haproxy