Medium severity5.4NVD Advisory· Published Mar 27, 2026· Updated Apr 22, 2026
CVE-2026-34475
CVE-2026-34475
Description
Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
15cpe:2.3:a:varnish-software:varnish_enterprise:*:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:varnish-software:varnish_enterprise:*:*:*:*:*:*:*:*range: <=6.0.15
- cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r1:*:*:*:*:*:*
- cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r10:*:*:*:*:*:*
- cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r11:*:*:*:*:*:*
- cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r2:*:*:*:*:*:*
- cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r3:*:*:*:*:*:*
- cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r4:*:*:*:*:*:*
- cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r5:*:*:*:*:*:*
- cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r6:*:*:*:*:*:*
- cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r7:*:*:*:*:*:*
- cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r8:*:*:*:*:*:*
- cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r9:*:*:*:*:*:*
- (no CPE)range: < 6.0.16r12
- Range: < 8.0.1
Patches
Vulnerability mechanics
References
1- vinyl-cache.org/security/VSV00018.htmlnvdVendor AdvisoryMitigation
News mentions
0No linked articles in our index yet.