HAProxy HTTP/3 Desync, Prompt Injection Dataset, & Entra ID Hardening

This report details a critical cross-protocol HTTP/3 to HTTP/1 desynchronization vulnerability, identified as CVE-2026-33555, affecting HAProxy. The vulnerability arises from how HAProxy handles a standalone QUIC FIN packet. By crafting specific HTTP/3 requests that terminate with an unexpected QUIC FIN, attackers can desynchronize HAProxy's internal state, leading to request smuggling. This allows an attacker to prepend arbitrary data to a victim's request or to bypass security controls by injecting malicious headers or payloads. The technique leverages the intricacies of protocol conversion at the load balancer level, specifically when HAProxy processes HTTP/3 requests and then forwards them as HTTP/1. This class of vulnerabilities is particularly dangerous as it can lead to various attacks, including cache poisoning, bypassing WAFs, and unauthorized access. Understanding and mitigating this vulnerability requires careful configuration of HTTP/3 termination and robust parsing logic to prevent unexpected protocol state transitions.

An extensive open dataset comprising over 100,000 multimodal prompt injection samples has been released, accompanied by per-category academic sourcing. This resource is crucial for researchers and developers working on the security of AI models, particularly large language models (LLMs) and multimodal models. Prompt injection remains a significant AI-specific security challenge, enabling attackers to hijack model behavior, extract sensitive data, or force unintended actions. This dataset provides a standardized, diverse collection of attack vectors, facilitating the development and benchmarking of robust defense mechanisms. The dataset's multimodal nature means it includes various input types beyond just text, addressing the evolving complexity of AI interactions. Its academic sourcing ensures high-quality, validated samples, making it a reliable tool for training and evaluating AI safety filters, intrusion detection systems, and model robustness against adversarial prompts. Developers can use this dataset to test their applications, identify weaknesses, and build more secure AI systems.

This report, part four of a series, highlights common findings from security assessments of Entra ID (formerly Azure AD) environments, specifically focusing on weak Conditional Access Policies. Conditional Access is a cornerstone of Zero Trust architecture within Microsoft's identity platform, enabling granular control over resource access based on various conditions like user location, device compliance, and sign-in risk. The article details how misconfigured or insufficiently restrictive policies can create significant security gaps, allowing unauthorized access or privilege escalation. Key weaknesses often include overly broad exclusions, inadequate enforcement of multi-factor authentication (MFA) for high-risk scenarios, and insufficient controls for legacy authentication protocols. The findings emphasize the importance of regularly reviewing and hardening Conditional Access policies to align with a robust Zero Trust model. It provides practical insights into identifying and rectifying these common misconfigurations, offering a guide for organizations to strengthen their Entra ID security posture and protect against identity-based attacks.