William Lallemand
#haproxy CVE in every branches starting from the 2.4 branch. Possible DoS when using json_query(), jwt_header_query() or jwt_payload_query() in your configuration. https://www.haproxy.com/blog/october-2025-cve-2025-11230-haproxy-mjson-library-denial-of-service-vulnerability
CVE-2025-11230: Denial of service vulnerability in HAProxy mjson library

The latest versions of HAProxy Community and HAProxy Enterprise have patches for a high severity denial of service vulnerability in the mjson library.

HAProxy Technologies
Oct 3 at 7:49pmWeb