Varnish-software Varnish Enterprise
2 CVEs affecting Varnish-software Varnish Enterprise. Latest disclosed: 2026-04-12. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-40395 | Medium | 4.0 | 2026-04-12 | Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vm… |
CVE-2025-30347 | Medium | 4.0 | 2025-03-21 | Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stev… |