Critical CCB · Belgium CVE-2026-48772

ACL Bypass and Heap Memory Corruption in ProxySQL Can Be Exploited to…

Published

Description

CVE-2026-48772 affects ProxySQL versions 2.0.0 through 3.0.8. The ProxySQL MySQL frontend improperly processes HAProxy PROXY protocol v1 (PP1) frames that carry the UNKNOWN token. Per the PP1 specification, address fields following an UNKNOWN token must be ignored. ProxySQL instead parses those fields via sscanf and writes the attacker-supplied source address into the session object. This spoofed address is then used by the query-rule matcher to evaluate client_addr-based routing and ACL rules. When the default configuration (mysql-proxy_protocol_networks = '*') is in place, any TCP peer can send a PP1 frame with an arbitrary source IP claim and forge their way into any address-based routing rule or access control.

CVE-2026-48773 affects ProxySQL versions 2.0.18 through 3.0.8. A heap memor
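The UNKNOWN handling that the PP1 specification requires, as described above for CVE-2026-48772, shown as an added example (not ProxySQL's code or its fix): the parser returns before any address field is read, so the caller keeps the real TCP peer address. The names pp1_parse and enum pp1_result, and the sample frame, are assumptions constructed for this illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not ProxySQL identifiers. */
enum pp1_result { PP1_INVALID = -1, PP1_KEEP_PEER = 0, PP1_USE_CLAIMED = 1 };

/* Parse one PP1 line of len bytes (CRLF included). On PP1_USE_CLAIMED, src
 * (at least INET6_ADDRSTRLEN bytes) receives the validated source address.
 * On PP1_KEEP_PEER or PP1_INVALID, src is left untouched. */
enum pp1_result pp1_parse(const char *line, size_t len, char *src)
{
    char buf[108], proto[8], s[46], d[46], extra;
    unsigned sport, dport;
    unsigned char bin[sizeof(struct in6_addr)];

    /* A PP1 line is at most 107 bytes including its terminating CRLF. */
    if (len < 8 || len > 107 || memcmp(line + len - 2, "\r\n", 2) != 0)
        return PP1_INVALID;
    memcpy(buf, line, len - 2);
    buf[len - 2] = '\0';
    if (strlen(buf) != len - 2 || strncmp(buf, "PROXY ", 6) != 0)
        return PP1_INVALID;               /* embedded NUL or wrong prefix */

    /* UNKNOWN: ignore everything up to CRLF; never parse the address fields. */
    if (strcmp(buf + 6, "UNKNOWN") == 0 || strncmp(buf + 6, "UNKNOWN ", 8) == 0)
        return PP1_KEEP_PEER;

    /* %c catches trailing garbage: exactly five fields must convert. */
    if (sscanf(buf + 6, "%7s %45s %45s %5u %5u%c", proto, s, d, &sport, &dport, &extra) != 5)
        return PP1_INVALID;
    int af = !strcmp(proto, "TCP4") ? AF_INET : !strcmp(proto, "TCP6") ? AF_INET6 : 0;
    if (af == 0 || sport > 65535 || dport > 65535)
        return PP1_INVALID;
    if (inet_pton(af, s, bin) != 1 || inet_pton(af, d, bin) != 1)
        return PP1_INVALID;
    strcpy(src, s);                       /* s holds at most 45 chars + NUL */
    return PP1_USE_CLAIMED;
}

int main(void)
{
    /* Constructed frame: UNKNOWN followed by address fields that must be ignored. */
    const char *f = "PROXY UNKNOWN 10.0.0.5 10.0.0.9 4000 6033\r\n";
    char client_addr[INET6_ADDRSTRLEN] = "198.51.100.23"; /* real TCP peer */
    int r = pp1_parse(f, strlen(f), client_addr);
    printf("result=%d client_addr=%s\n", r, client_addr);
    return 0;
}
```

The sscanf format tolerates runs of whitespace between fields; a stricter parser would require single spaces.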