Out-of-Bounds Write Vulnerability in OpenResty Web Platform
CVE-2026-55233

7.5HIGH

Key Information:

Vendor

Openresty

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-55233?

An out-of-bounds write vulnerability exists in the upstream PROXY protocol version 2 implementation of OpenResty. This issue occurs when OpenResty is set to transmit PROXY protocol v2 headers to upstream servers, enabling the potential for an attacker to craft malformed headers. This can lead to writes beyond allocated buffer limits, causing crashes in the worker process and resulting in denial of service. Affected versions include 1.29.2.1 through 1.29.2.4, with the vulnerability addressed in version 1.29.2.5. Only configurations that specifically allow PROXY protocol v2 for upstream connections are impacted.

Affected Version(s)

openresty >= 1.29.2.1, < 1.29.2.5

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.