HAProxy
Security Risk Profile
Security Risk Score: 27/100 (low)
Comprehensive risk assessment based on 44 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
Data spans from May 27, 2012 to present
Total CVEs: 44
Critical+High: 23
Exploited: 0
Unpatched: 4
Threat Assessment
Avg CVSS: 6.4 (Base severity)
Avg EPSS: 0% (Exploit probability)
Unpatched: 4 (Critical/High)
Risk Level: 27/100 (low)
Severity Distribution
Critical: 2
High: 21
Medium: 15
Low: 2
Exploit Likelihood
>50% chance: 0
20-50%: 0
5-20%: 0
<5%: 1
Age Distribution
Common Weaknesses (CWE)
1. Buffer Overflow: 6
2. Infoleak: 2
3. Integer Overflow: 2
4. Input Validation: 2
Most Affected Products
1. HAProxy HAProxy: 201
2. HAProxy Haproxy Enterprise: 186
3. redhat/haproxy: 33
4. Canonical Ubuntu Linux: 21
5. debian/haproxy: 18
Recent Vulnerabilities
https://reddit.com/r/cybersecurity/comments/1sngpac/haproxy_http3_http1_desync_crossprotocol/
unknown
HAProxy HTTP/3 -> HTTP/1 Desync: Cross-Protocol Smuggling via a Standalone QUIC FIN (CVE-2026-33555)
4/16/2026 (No Patch)
https://reddit.com/r/netsec/comments/1snem8w/haproxy_http3_http1_desync_crossprotocol/
unknown
HAProxy HTTP/3 -> HTTP/1 Desync: Cross-Protocol Smuggling via a Standalone QUIC FIN (CVE-2026-33555)
4/16/2026 (No Patch)
CVE-2026-33555
CVSS 4.0, medium
4/13/2026
CVE-2025-11230
CVSS 7.5, high
Denial of service vulnerability in HAProxy mjson library
11/6/2025
REDHAT-BUG-2413003
CVSS 7.0, high
11/6/2025 (No Patch)
CVE-2025-59303
CVSS 6.4, medium
10/8/2025 (No Patch)
REDHAT-BUG-2398025
CVSS 1.0, low
9/25/2025 (No Patch)
CVE-2024-49214
CVSS 5.3, EPSS 0%, medium
10/14/2024
CVE-2024-45506
CVSS 7.5, high
9/4/2024 (No Patch)
CVE-2023-45539
CVSS 8.2, high
11/28/2023