MEDIUM🇵🇱 Wersja polska

CVE-2026-40394

CVSS 4.0v3.1pub. 2026-04-12upd. 2026-04-17

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is repurposed as stream zero. During the upgrade, a buffer allocation is made to reserve space to send frames to the client. This allocation would split the original workspace, and depending on the amount of prefetched data, the next fetch could perform a pipelining operation that would run out of workspace.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L
  • Varnish Software Varnish Enterprise

    APP
    Varnish-Software
    6.0.16≤ 6.0.15
  • Vinyl Cache

    APP
    Vinyl-Cache
    9.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2026-40395MEDIUM4.0ten sam produkt

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared ...

CVE-2026-40396MEDIUM4.0ten sam produkt

Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_ling...

CVE-2026-34475MEDIUM5.4ten sam produkt

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mi...

CVE-2025-30346MEDIUM5.4ten sam produkt

Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 request...

CVE-2025-30347MEDIUM4.0ten sam produkt

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-boun...