CVE-2026-34475 PUBLISHED

Assigner: mitre
Reserved: 27.03.2026 Published: 27.03.2026 Updated: 27.03.2026

Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
CVSS Score: 5.4

Attack Vector	Network	Scope	Changed
Attack Complexity	High	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	varnish-software
Product	Varnish Cache
Versions	Default: unaffected affected from 0 to 6.0.17 LTS (excl.) affected from 7.0.0 to 8.0.1 (excl.)

References

https://vinyl-cache.org/security/VSV00018.html

Problem Types

CWE-180 Incorrect Behavior Order: Validate Before Canonicalize CWE