PT-2026-28633 · Varnish · Varnish Enterprise+1
Published: 2026-03-27 · Updated: 2026-03-28
CVE-2026-34475
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Varnish Cache versions prior to 8.0.1
Varnish Enterprise versions prior to 6.0.16r12
Description
The software may improperly handle URLs with a path of '/' for HTTP/1.1 in certain unchecked request URL scenarios. This could potentially lead to cache poisoning or authentication bypass.
Recommendations
Update Varnish Cache to version 8.0.1 or later.
Update Varnish Enterprise to version 6.0.16r12 or later.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Varnish Cache
Varnish Enterprise