CVE-2023-45539

Severity: High · Lab available

HAProxy < 2.8.2 - Improper URI Component Handling via Fragment Identifier

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-45539, a PoC published by slicingmelon.

AI-analyzed exploit summary: The repository demonstrates a path-based ACL bypass in HAProxy versions before 2.8.2. Those versions accept a literal # as part of the request path instead of rejecting it, so an ACL such as path_end .png matches a request for /admin#.png, and the request is routed as a static asset rather than being handled under the rules written for /admin. The PoC includes a Docker setup and curl/nc commands to reproduce the issue.

Description

HAProxy before 2.8.2 accepts # as part of the URI path component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. A fragment is never part of a valid HTTP request-target (RFC 3986 section 3.5 keeps it on the client side), so a literal # on the wire is malformed input; HAProxy 2.8.2 and later reject such requests as invalid instead of evaluating ACLs against them.
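The routing decision described above, modelled in Python as an added example (not code from HAProxy or from the PoC repository). The ACL policy, backend names and log lines are constructed for illustration. route() evaluates the same request line under the pre-2.8.2 behaviour, where # stays inside the path fetch, and under the 2.8.2+ behaviour, where a request-target containing # is refused with 400. suspicious_requests() pulls request-targets containing a literal # out of httplog-style lines, which is the check to run over existing access logs if an instance was exposed before patching. One caveat when reproducing: curl drops a #fragment before sending, so the literal character has to be put on the wire with nc or a raw socket.

```python
"""CVE-2023-45539: model of HAProxy's path_end ACL before and after 2.8.2.

Added example for this page, not code from HAProxy or from the PoC repo.
The ACL policy, backend names and log lines below are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/1\.[01]$")

# Constructed policy, mirroring a common HAProxy frontend:
#   acl static path_end .png .css .js
#   acl admin  path_beg /admin
#   http-request deny if admin !static      # assets under /admin stay public
#   use_backend static_files if static
#   default_backend app
STATIC_SUFFIXES = (".png", ".css", ".js")
ADMIN_PREFIX = "/admin"


@dataclass
class Decision:
    status: Optional[int]    # HAProxy's own answer (400, 403), None if forwarded
    backend: Optional[str]   # backend chosen when forwarded
    path: Optional[str]      # value of the `path` fetch as HAProxy saw it


def haproxy_path(target: str, reject_fragment: bool) -> Optional[str]:
    """Return what the `path` sample fetch yields for a request-target.

    Before 2.8.2 HAProxy cut the path at '?' only, so a literal '#'
    (never legal in a request-target) stayed inside it. 2.8.2+ rejects
    such a request instead; that is modelled here by returning None.
    """
    if reject_fragment and "#" in target:
        return None
    return target.split("?", 1)[0]


def route(request_line: str, *, reject_fragment: bool) -> Decision:
    """Apply the constructed policy to one request line."""
    m = REQUEST_LINE.match(request_line)
    if not m:
        return Decision(400, None, None)
    path = haproxy_path(m.group(2), reject_fragment)
    if path is None:
        return Decision(400, None, None)          # 2.8.2+: malformed request-target
    is_static = path.endswith(STATIC_SUFFIXES)    # path_end .png .css .js
    is_admin = path.startswith(ADMIN_PREFIX)      # path_beg /admin
    if is_admin and not is_static:
        return Decision(403, None, path)          # http-request deny
    return Decision(None, "static_files" if is_static else "app", path)


# Quoted request line at the end of an httplog entry, e.g. "GET /x HTTP/1.1"
LOG_REQUEST = re.compile(r'"([A-Z]+) (\S+) HTTP/\d\.\d"')


def suspicious_requests(log_lines: List[str]) -> List[str]:
    """Request-targets that carried a literal '#' (constructed httplog lines)."""
    hits = []
    for line in log_lines:
        m = LOG_REQUEST.search(line)
        if m and "#" in m.group(2):
            hits.append(m.group(2))
    return hits


if __name__ == "__main__":
    for rl in ("GET /admin HTTP/1.1", "GET /admin#.png HTTP/1.1",
               "GET /admin/logo.png HTTP/1.1"):
        print(rl)
        print("  < 2.8.2 :", route(rl, reject_fragment=False))
        print("  2.8.2+  :", route(rl, reject_fragment=True))
```

Under the old behaviour /admin#.png satisfies both ACLs at once, so the deny rule written as "admin but not static" is skipped and the request is forwarded; under the new behaviour the same bytes never reach ACL evaluation. The log scan is only as good as the log format: it assumes the request line is logged in quotes, as the default httplog format does.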

Exploits (1)

Working PoC (source: nomisec)
by slicingmelon · poc
https://github.com/slicingmelon/HAProxy-CVE-2023-45539-PoC

Classification
Working PoC (confidence 95%)
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: HAProxy < 2.8.2
No auth needed
Prerequisites: HAProxy using a path-suffix ACL (path_end, or an equivalent regex) for a routing or access decision · Network access to the HAProxy instance
Analysis: devstral-2, Feb 18, 2026

Scores

CVSS v3 8.2
EPSS 0.0151
EPSS Percentile 71.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Lab Environment

Community Lab
docker pull haproxy:2.8.1

Details

CWE
CWE-116
Status published
Products (1)
haproxy/haproxy < 2.8.2
Published Nov 28, 2023
Tracked Since Feb 18, 2026