VYPR
Vendor

Vinyl Cache

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2026-34475MedMar 27, 2026
    risk 0.35cvss 5.4epss 0.00

    Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass.

  • CVE-2026-40396MedApr 12, 2026
    risk 0.26cvss 4.0epss 0.00

    Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_linger. A malicious client could send an HTTP/1 request, wait long enough until the session releases its worker thread (timeout_linger) and resume traffic before the session…

  • CVE-2026-40394MedApr 12, 2026
    risk 0.26cvss 4.0epss 0.00

    Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the…

  • CVE-2026-50052LowJun 3, 2026
    risk 0.15cvss epss 0.00

    In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack (request smuggling), which in turn can be used for cache poisoning, authentication bypass, or possibly even information…

VYPR — Vulnerability Intelligence