Security Vulnerabilities
Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions.
CVSS Score
5.2
EPSS Score
0.0
Published
2026-04-13
Double free vulnerability in the multi-mode input system.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
5.6
EPSS Score
0.0
Published
2026-04-13
Permission bypass vulnerability in the LBS module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
7.7
EPSS Score
0.0
Published
2026-04-13
UAF vulnerability in the communication module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-04-13
Access control vulnerability in the memo module.
Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVSS Score
4.1
EPSS Score
0.0
Published
2026-04-13
Race condition vulnerability in the event notification module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
2.2
EPSS Score
0.0
Published
2026-04-13
Stack overflow vulnerability in the media platform.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-04-13
Race condition vulnerability in the notification service.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
1.9
EPSS Score
0.0
Published
2026-04-13
Vulnerability of improper permission control in the theme setting module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
6.9
EPSS Score
0.0
Published
2026-04-13
Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_linger. A malicious client could send an HTTP/1 request, wait long enough until the session releases its worker thread (timeout_linger) and resume traffic before the session is closed (timeout_idle) sending more than one request at once to trigger a pipelining operation between requests. This vulnerability affecting Varnish Cache 9.0.0 emerged from a port of the Varnish Enterprise non-blocking architecture for HTTP/2. New code was needed to adapt to a more recent workspace API that formalizes the pipelining operation. In addition to the workspace change on the Varnish Cache side, other differences created merge conflicts, like partial support for trailers in Varnish Enterprise. The conflict resolution missed one code path configuring pipelining to perform a complete workspace rollback, losing the guarantee that prefetched data would fit inside workspace_client during the transition from one request to the next. This can result in a workspace overflow, triggering a panic and crashing the Varnish server.
CVSS Score
4.0
EPSS Score
0.0
Published
2026-04-12