VDB
GCVE-110-MAGEIA-2026-146
GCVE-110-MAGEIA-2026-146
Advisory Published
The HTTP/3 parser does not check that the received body length matches a
previously announced content-length when the stream is closed via a
frame with an empty payload. This can cause desynchronization issues
with the backend server and could be used for request smuggling.
(CVE-2026-33555)
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | haproxy | 0 (affected), 2.8.18-1.1.mga9 (unaffected) | — |
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.