CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-34475

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.3%

CVSS Severity

CVSS v3 Score 5.4

References

https://vinyl-cache.org/security/VSV00018.html

Products affected by CVE-2026-34475

Varnish-Software » Varnish Enterprise » Version: 6.0.11

cpe:2.3:a:varnish-software:varnish_enterprise:6.0.11
Varnish-Software » Varnish Enterprise » Version: 6.0.12

cpe:2.3:a:varnish-software:varnish_enterprise:6.0.12
Varnish-Software » Varnish Enterprise » Version: 6.0.13

cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13
Varnish-Software » Varnish Enterprise » Version: 6.0.16

cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16
Vinyl-Cache » Vinyl Cache » Version: Any

cpe:2.3:a:vinyl-cache:vinyl_cache:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-34475

Products

Pricing

Contact Us