CVE-2026-34475

Medium CVSS: 5.4

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass.

Vendor

Product

CWE

CWE-180

Yayın Tarihi

2026-03-27 20:16:36

Güncelleme

2026-03-30 13:26:07

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-180 MEDIUM 2026

Referanslar

https://vinyl-cache.org/security/VSV00018.html