CVE-2026-55204
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
HAProxy through version 3.4.0 contains a null pointer dereference vulnerability in the hpack_dht_insert() function in src/hpack-tbl.c. The flaw is due to missing validation of the return value from hpack_dht_defrag() when the memory pool is exhausted, which can crash HAProxy worker processes.
Risk Assessment
An attacker can trigger HPACK dynamic table insertions under memory pressure to dereference a NULL pointer and crash HAProxy worker processes, causing denial of service.
Recommendation
Immediately update HAProxy to a version containing the fix from commit 9a6d1fe or later. If updating is not possible, restrict access to interfaces using HPACK compression.
Original NVD description (English source)
HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that fails to validate the return value of hpack_dht_defrag() when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memory pressure to dereference a NULL pointer and crash HAProxy worker processes, causing denial of service.

