CPE
A critical integer overflow vulnerability, CVE-2021-40346, in HAProxy's `htx_add_header()` function allows unauthenticated attackers to bypass access control rules by crafting HTTP requests with specific header name lengths, leading to HTTP request smuggling and unauthorized access to backend paths, for which a public exploit is available.