CVE-2026-34475
| CVSS Score | 5.4 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass.
| CWE | CWE-180 |
| Vendor | varnish-software |
| Product | varnish cache |
| Published | Mar 27, 2026 |
| Last Updated | Mar 27, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | Low |
| Integrity | Low |
| Availability | None |
Affected Versions
varnish-software / Varnish Cache
0 < 6.0.17 LTS
7.0.0 < 8.0.1