Security News

Cybersecurity news aggregator

🐧
MEDIUM Updates Debian Security

DSA-6130-1 haproxy - security update

haproxydebiancve-2026-26081
  • What: A security update is available for HAProxy to address a denial-of-service vulnerability related to improper validation of INITIAL QUIC packets.
  • Impact: A specially crafted QUIC packet can cause HAProxy to crash, leading to a denial of service.
  • CVE: CVE-2026-26081
Read Full Article →

[SECURITY] [DSA 6130-1] haproxy security update To : debian-security-announce@lists.debian.org Subject : [SECURITY] [DSA 6130-1] haproxy security update From : Salvatore Bonaccorso < carnil@debian.org > Date : Thu, 12 Feb 2026 14:37:40 +0000 Message-id : < [🔎] E1vqXp6-007xTy-1n@seger.debian.org > Reply-to : debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6130-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 12, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : haproxy CVE ID : CVE-2026-26081 Asim Viladi Oglu Manizada reported that HAProxy, a load balancing reverse proxy, does not properly validate an INITIAL QUIC packet with specially crafted data, which may result in denial of service (process crash). For the stable distribution (trixie), this problem has been fixed in version 3.0.11-1+deb13u2. We recommend that you upgrade your haproxy packages. For the detailed security status of haproxy please refer to its security tracker page at: https://security-tracker.debian.org/tracker/haproxy Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmmN5ZVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TVRw//YiM2kr4yFru9gbMS5WURR1riU+Z+ja4ucG75h6mtLyZ6ZT1tS2xzxBcd UwaU24bnEKnANHYvppQ3vDsFXNNkFiHQ3TeOghu5sgDVGBCQpcPAkrVbnbiNz5BD JKvLQyBgYDBH7sto2k6DAI9XaPICJVS+7XkdoEw9+n13BORV5b70V7IkhKdDgZcw BcDewQBDiFaP490qutomwzkiOgFt3fmLvphfel+2YPjq/I2Zq8Pm3u+hUmcQrz0F t68ukEgaHFuAAi71UXWVAupQYReNEvKtajqC32mHMehdQN3uzZKpC1vp7wbSI5c2 e5WJal3DeXW0vxHZ1NgA/z2cX3K/2urQdObalP52rKroAaL4zENVo0VL02O6KOes t0uVM4oqphEitLo7AtSG8Bw/+lpOETMD6SIuHw3osu6nZVv1qAq9wUKpxip/cF7M 5HcyOSkr95wb9FO1qPszP3T+bYDVK0IjCQ7n50H/yh5jeJIkTYaYRBp4s0O8PMkA Xz/xhRWxTL82bSnlSfQetXgDT1N1m1cbcGL3ldY3z4UY7dHj57V5NAoWDX7QzvXv 39WF8nA7NNq6HPz0rOCCXkQ3J4N5jUOTBKANlxp56fgciVDOicP5YBIINnX1NtNW qbdHgWb/u9cW97+uW9tv4kgw92WYySE7P/sdezeX/fS3pkgw0QQ= =Tu8x -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Salvatore Bonaccorso (on-list) Salvatore Bonaccorso (off-list) Prev by Date: [SECURITY] [DSA 6129-1] munge security update Previous by thread: [SECURITY] [DSA 6129-1] munge security update Index(es): Date Thread

Related Articles

CRITICAL Debian DSA-6130-1 Deep Dive: HAProxy QUIC Denial of Service – Technical Analysis, Mitigation, and Performance Retention Web Discovery MEDIUM SB2026021280 - Ubuntu update for haproxy Web Discovery MEDIUM February 2026 — CVE-2026-26080 and CVE-2026-26081: QUIC denial of service Web Discovery MEDIUM USN-8036-1: HAProxy vulnerability Ubuntu Security
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn