HAProxy Denial-of-Service Vulnerability in mjson Library

Vulnerability

A denial-of-service vulnerability has been identified in HAProxy due to an inefficient algorithm in the mjson library, which is used for JSON parsing. This vulnerability allows remote attackers to cause a denial of service by sending specially crafted JSON requests with large values. The issue affects all current versions of HAProxy, including the Community Edition, Enterprise Edition, ALOHA appliances, and the Kubernetes Ingress Controller, whenever JSON parsing functions are used.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, where the HAProxy process is terminated, causing service disruption.

Remediation

Users should upgrade to the latest version of HAProxy. Instructions for upgrading HAProxy Enterprise, ALOHA, and both versions of the Kubernetes Ingress Controller are available in the HAProxy customer documentation.
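The advisory ties exposure to configurations where JSON parsing functions are used, so an inventory of those uses helps decide which instances to upgrade first. The script below is an added example, not code from HAProxy or from this advisory: it lists each use of a JSON-parsing converter in a configuration file. The converter set (`json_query`, `jwt_header_query`, `jwt_payload_query`) is an assumption, since the page names no specific functions, and the sample configuration is constructed.

```python
import re

# Assumed set of HAProxy converters that parse JSON; the advisory lists none,
# so extend this tuple to match the functions your deployment relies on.
JSON_CONVERTERS = ("json_query", "jwt_header_query", "jwt_payload_query")
SECTION_KEYWORDS = ("global", "defaults", "frontend", "backend", "listen")
_CONV_RE = re.compile(r"\b(" + "|".join(JSON_CONVERTERS) + r")\b")

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CFG = """\
frontend api
    bind :8080
    # http-request set-var(txn.old) req.body,json_query('$.old')
    http-request set-var(txn.user) req.body,json_query('$.user')
    http-request set-var(txn.alg) http_auth_bearer,jwt_header_query('$.alg')
    default_backend app

backend app
    server s1 127.0.0.1:9000  # previously used json_query here
"""


def strip_comment(line):
    """Cut the line at the first '#' outside quotes (backslash escapes are not handled)."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch == "#":
            return line[:i]
    return line


def find_json_parsing(config_text):
    """Return (line_no, section, converter) for every JSON converter in use."""
    hits, section = [], "(no section)"
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = strip_comment(raw)
        words = line.split()
        if words and words[0] in SECTION_KEYWORDS:
            section = " ".join(words[:2])
        hits.extend((no, section, m.group(1)) for m in _CONV_RE.finditer(line))
    return hits


if __name__ == "__main__":
    for no, section, conv in find_json_parsing(SAMPLE_CFG):
        print(f"line {no}: {conv} in [{section}]")
```

An empty result means only that none of the listed converters appear in that file; it does not replace the upgrade.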

Added: Nov 19, 2025, 10:17 AM
Updated: Nov 19, 2025, 10:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.