Varnish-Software Varnish Enterprise vulnerabilities
4 known vulnerabilities affecting varnish-software/varnish_enterprise.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3
Vulnerabilities
CVE-2026-40395 [MEDIUM] | CVSS 4.0 | CWE-770 | ≥ 6.0.9r5, < 6.0.16r12 | 2026-04-12
Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req0, which is normally the original read-only request from which req is derived (readable and writable from VCL). This is useful in the active VCL, after
Sources: cvelistv5, nvd
CVE-2025-30347 [HIGH] | CVSS 7.5 | CWE-125 | v6.0.13 | ≥ 6, < 6.0.13r13 | 2025-03-21
Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects.
Sources: cvelistv5, nvd
CVE-2025-30346 [MEDIUM] | CVSS 4.8 | CWE-444 | v6.0.11, v6.0.12, +1 more | 2025-03-21
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.
Sources: nvd
CVE-2023-41104 [MEDIUM] | CVSS 6.5 | CWE-119 | ≥ 6.0.0, < 6.0.11 | v6.0.11 | 2023-08-23
libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use.
Sources: nvd