{
  "document": {
    "aggregate_severity": {
      "text": "Critical"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/tuxcare9.6esu/vex/2026/cve-2026-55203-els_os-tuxcare9_6esu.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-06-26T12:27:06Z",
      "generator": {
        "date": "2026-06-26T12:27:06Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CVE-2026-55203-ELS_OS-TUXCARE9.6ESU",
      "initial_release_date": "2026-06-18T17:16:00Z",
      "revision_history": [
        {
          "date": "2026-06-18T17:16:00Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-26T12:27:06Z",
          "number": "2",
          "summary": "Official Publication"
        }
      ],
      "status": "final",
      "version": "2"
    },
    "title": "Security update on CVE-2026-55203"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "AlmaLinux 9.6",
                "product": {
                  "name": "AlmaLinux 9.6",
                  "product_id": "AlmaLinux-9.6",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:almalinux:almalinux:9.6:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "AlmaLinux"
          }
        ],
        "category": "vendor",
        "name": "AlmaLinux OS Foundation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Rocky Linux 9.6",
                "product": {
                  "name": "Rocky Linux 9.6",
                  "product_id": "Rocky Linux-9.6",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:resf:rocky_linux:9.6:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Rocky Linux"
          }
        ],
        "category": "vendor",
        "name": "Rocky Linux"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "haproxy-0:2.4.22-4.el9.tuxcare.els1.x86_64",
                "product": {
                  "name": "haproxy-0:2.4.22-4.el9.tuxcare.els1.x86_64",
                  "product_id": "haproxy-0:2.4.22-4.el9.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/haproxy@2.4.22-4.el9.tuxcare.els1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "haproxy-0:2.4.22-4.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.6",
          "product_id": "AlmaLinux-9.6:haproxy-0:2.4.22-4.el9.tuxcare.els1.x86_64"
        },
        "product_reference": "haproxy-0:2.4.22-4.el9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "haproxy-0:2.4.22-4.el9.tuxcare.els1.x86_64 as a component of Rocky Linux 9.6",
          "product_id": "Rocky Linux-9.6:haproxy-0:2.4.22-4.el9.tuxcare.els1.x86_64"
        },
        "product_reference": "haproxy-0:2.4.22-4.el9.tuxcare.els1.x86_64",
        "relates_to_product_reference": "Rocky Linux-9.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-55203",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "description",
          "text": "HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer contents to be misparsed as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record consumption and allowing malicious FastCGI backends to desynchronize the FCGI framing parser, potentially causing request routing errors, response smuggling, or memory safety issues.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "under_investigation": [
          "AlmaLinux-9.6:haproxy-0:2.4.22-4.el9.tuxcare.els1.x86_64",
          "Rocky Linux-9.6:haproxy-0:2.4.22-4.el9.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-55203"
        },
        {
          "category": "external",
          "summary": "https://github.com/haproxy/haproxy/commit/5985276735777634d8c85f1d73bb7764aab0d6dd",
          "url": "https://github.com/haproxy/haproxy/commit/5985276735777634d8c85f1d73bb7764aab0d6dd"
        },
        {
          "category": "external",
          "summary": "https://www.vulncheck.com/advisories/haproxy-integer-overflow-in-fcgi-demux-record-length-field",
          "url": "https://www.vulncheck.com/advisories/haproxy-integer-overflow-in-fcgi-demux-record-length-field"
        }
      ],
      "release_date": "2026-06-18T17:16:00Z",
      "remediations": [
        {
          "category": "none_available",
          "date": "2026-06-26T12:25:02.724277Z",
          "details": "Affected",
          "product_ids": [
            "AlmaLinux-9.6:haproxy-0:2.4.22-4.el9.tuxcare.els1.x86_64",
            "Rocky Linux-9.6:haproxy-0:2.4.22-4.el9.tuxcare.els1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.6:haproxy-0:2.4.22-4.el9.tuxcare.els1.x86_64",
            "Rocky Linux-9.6:haproxy-0:2.4.22-4.el9.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ]
    }
  ]
}