{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T02:25:06.644","vulnerabilities":[{"cve":{"id":"CVE-2026-33555","sourceIdentifier":"cve@mitre.org","published":"2026-04-13T17:16:28.237","lastModified":"2026-04-17T15:38:09.243","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. The earliest affected version is 2.6."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-130"}]}],"references":[{"url":"https://github.com/haproxy/haproxy/commit/05a295441c621089ffa4318daf0dbca2dd756a84","source":"cve@mitre.org"},{"url":"https://www.haproxy.com/documentation/haproxy-aloha/changelog/","source":"cve@mitre.org"},{"url":"https://www.haproxy.org","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/haproxy@formilux.org/msg46752.html","source":"cve@mitre.org"}]}}]}