VYPR

Varnish Enterprise

by Varnish Software

CVEs (6)

  • CVE-2026-34475 | Med | Mar 27, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass.

  • CVE-2026-40395 | Med | Apr 12, 2026
    risk 0.26 | cvss 4.0 | epss 0.00

    Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req0, which is normally the original read-only request from which req is derived…

  • CVE-2026-40394 | Med | Apr 12, 2026
    risk 0.26 | cvss 4.0 | epss 0.00

    Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allow a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the…

  • CVE-2025-30347 | Mar 21, 2025
    risk 0.00 | cvss | epss 0.00

    Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects.

  • CVE-2023-41104 | Aug 23, 2023
    risk 0.00 | cvss | epss 0.00

    libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL…

  • CVE-2022-23959 | Jan 26, 2022
    risk 0.00 | cvss | epss 0.02

    In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.