VYPR
Medium severity 5.4 · NVD Advisory · Published Mar 27, 2026 · Updated Apr 22, 2026

CVE-2026-34475

Description

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass.

Affected products

15
  • cpe:2.3:a:varnish-software:varnish_enterprise:*:*:*:*:*:*:*:* (+ 12 more)
    • cpe:2.3:a:varnish-software:varnish_enterprise:*:*:*:*:*:*:*:* range: <=6.0.15
    • cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r1:*:*:*:*:*:*
    • cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r10:*:*:*:*:*:*
    • cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r11:*:*:*:*:*:*
    • cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r2:*:*:*:*:*:*
    • cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r3:*:*:*:*:*:*
    • cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r4:*:*:*:*:*:*
    • cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r5:*:*:*:*:*:*
    • cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r6:*:*:*:*:*:*
    • cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r7:*:*:*:*:*:*
    • cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r8:*:*:*:*:*:*
    • cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r9:*:*:*:*:*:*
    • (no CPE) range: < 6.0.16r12
  • cpe:2.3:a:vinyl-cache:vinyl_cache:*:*:*:*:*:*:*:*
    Range: <8.0.1
  • Range: < 8.0.1
