Varnish-software Varnish Cache
5 CVEs affecting Varnish-software Varnish Cache. Latest disclosed: 2026-04-12. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-34475 | Medium | 5.4 | 2026-03-27 | Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, poten… |
| CVE-2025-47905 | Medium | 5.4 | 2025-05-13 | Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product inc… |
| CVE-2025-30346 | Medium | 5.4 | 2025-03-21 | Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests. |
| CVE-2026-40396 | Medium | 4.0 | 2026-04-12 | Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_linger. A malicious client could send an HTTP/1 reque… |
| CVE-2026-40394 | Medium | 4.0 | 2026-04-12 | Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of pref… |