Platform
linux
Component
varnish-enterprise
Fixed in
6.0.16r12
CVE-2026-40395 describes a denial-of-service (DoS) vulnerability in Varnish Enterprise. The flaw lets an attacker induce a daemon panic, crashing the service, through a workspace overflow in a shared VCL (a VCL that hands requests on to other VCLs with the vcl(<label>) action). It affects versions 6.0.9r5 up to, but not including, 6.0.16r12; the fix ships in version 6.0.16r12.
Before version 6.0.16r12, Varnish Enterprise allows a denial-of-service (DoS) attack that leads to a daemon panic when a shared VCL is in use. The headerplus.write_req0() function of vmod_headerplus updates the underlying req0, which is normally the original, read-only request from which req is derived. This is useful in the active VCL: after amending req, a refined req0 can be prepared before switching to a different VCL with the vcl(<label>) action. An attacker can abuse this code path to trigger a workspace overflow, panicking the daemon and disrupting service. The severity depends on how critical the Varnish service is and on how easily an attacker can influence the traffic passing through the server.
The vulnerability is triggered by HTTP requests passing through the Varnish server: an attacker crafts requests that, when processed by vmod_headerplus in a shared VCL, overflow the workspace. Exploitation complexity depends on the VCL configuration and on how much of the request content the attacker controls. Shared-VCL deployments are of particular concern because a single front VCL typically serves several applications or services, and a panic of the varnishd worker drops every in-flight connection, not only those of the tenant whose VCL was being switched to.
Organizations utilizing Varnish Enterprise for content caching, particularly those employing shared VCL configurations, are at risk. This includes deployments handling high volumes of traffic or those with complex header manipulation requirements. Shared hosting environments leveraging Varnish Enterprise are also potentially vulnerable.
• linux / server: journalctl -u varnish -g 'workspace overflow' (adjust the unit name to your installation; varnishadm panic.show prints the last child panic regardless of how logging is configured)
• linux / server: ps aux | grep -i headerplus (vmods are loaded inside the varnishd worker, so this only helps if the name appears on a command line; to see whether the vmod is actually in use, list the loaded VCLs with varnishadm vcl.list and grep their source, shown by varnishadm vcl.show -v <name>, for headerplus.write_req0)
• generic web: use curl to send a request with a large number of headers to the Varnish Enterprise server and watch for errors or crashes; run this only against a staging instance, since a successful test panics the daemon.
disclosure
Exploit status
EPSS
0.06% (17th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade Varnish Enterprise to version 6.0.16r12 or later, which fixes the workspace overflow. Where an immediate upgrade is not possible, review the VCLs loaded on the server for calls to headerplus.write_req0(), particularly in a shared (front) VCL that hands requests to other VCLs with the vcl(<label>) action, and remove or restrict them in security-critical environments. Monitoring the varnishd management log for child panics ("Child (<pid>) Panic at:") helps detect exploitation attempts; note that after a panic the manager restarts the worker, so a crash surfaces as dropped connections and a cold cache rather than a prolonged outage. Restricting access to the Varnish listener to trusted sources (for example, the load balancer or CDN in front of it) reduces the attack surface, although for a public-facing cache this rarely removes an attacker's ability to send requests.
Update Varnish Enterprise to version 6.0.16r12 or later to mitigate the denial-of-service risk. The update fixes a workspace overflow vulnerability in the headerplus.write_req0() function that malicious clients could exploit to crash the server.
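As an added example (not code from this page or from Varnish Software), the following Python script turns the mitigation and detection guidance above into three checks: whether a version string falls inside the affected range, whether a VCL source contains the pattern the advisory describes (a headerplus.write_req0() call together with a return (vcl(<label>)) switch), and whether journal text contains a child panic, since the grep term in the detection list catches only the workspace wording. The version-string format, the VCL sample, the journal lines and the regexes are assumptions or constructed inputs; the "Child (<pid>) Panic at:" log line is the form the varnishd management process uses, but verify it against your own version.

```python
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int, int]

# Affected range stated by the advisory: 6.0.9r5 up to, but not including, the fix in 6.0.16r12.
AFFECTED_MIN: Version = (6, 0, 9, 5)
FIXED_IN: Version = (6, 0, 16, 12)

# Assumption: Varnish Enterprise release strings look like 6.0.16r12 (upstream version + "r" release).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)r(\d+)")


def parse_enterprise_version(text: str) -> Optional[Version]:
    """Extract (major, minor, patch, release) from a version string or a `varnishd -V`
    banner. Returns None when no Enterprise-style version is present (an open-source
    build such as 7.4.2 carries no "rN" suffix and is not in scope of this CVE)."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch, rel = (int(g) for g in m.groups())
    return (major, minor, patch, rel)


def is_affected(text: str) -> bool:
    """True if the version is inside the affected range. Compare integer tuples: as
    plain strings "6.0.9r5" sorts *after* "6.0.16r12", which would wrongly clear a host."""
    v = parse_enterprise_version(text)
    return v is not None and AFFECTED_MIN <= v < FIXED_IN


# Heuristic patterns for the VCL audit (assumed syntax: headerplus.write_req0() and
# return (vcl(label)); a '#' inside a VCL string literal would also be stripped).
_WRITE_REQ0_RE = re.compile(r"\bheaderplus\.write_req0\s*\(")
_VCL_SWITCH_RE = re.compile(r"\breturn\s*\(\s*vcl\s*\(\s*([A-Za-z0-9_.-]+)\s*\)\s*\)")


def strip_vcl_comments(vcl: str) -> str:
    """Blank out /* */, // and # comments while keeping line numbers stable."""
    vcl = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), vcl, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", vcl)


def audit_vcl(vcl: str) -> Tuple[List[int], List[str]]:
    """Return (line numbers calling headerplus.write_req0(), labels reached via return (vcl(label)))."""
    src = strip_vcl_comments(vcl)
    calls = [n for n, line in enumerate(src.splitlines(), start=1) if _WRITE_REQ0_RE.search(line)]
    labels = _VCL_SWITCH_RE.findall(src)
    return calls, labels


def classify(vcl: str) -> str:
    """Rank a VCL: the advisory's risky pattern is write_req0() in a VCL that also switches VCLs."""
    calls, labels = audit_vcl(vcl)
    if not calls:
        return "clean"
    if labels:
        return "write_req0 + vcl label switch"
    return "write_req0 only"


# The management process logs a worker crash as "Child (<pid>) Panic at: <date>" followed by
# the panic text; matching that line catches panics whose text never says "workspace overflow".
_PANIC_RE = re.compile(r"Child \(\d+\) Panic at:|workspace overflow", re.I)


def find_panics(journal: str) -> List[str]:
    """Return journal lines that indicate a varnishd child panic."""
    return [line for line in journal.splitlines() if _PANIC_RE.search(line)]


# Constructed sample VCL: a front VCL amends req, refreshes req0, then switches to a tenant VCL.
SAMPLE_VCL = """\
vcl 4.1;
import headerplus;

# Constructed example: front VCL normalises the request, then hands off to a tenant VCL.
sub vcl_recv {
    unset req.http.X-Internal-Token;
    headerplus.write_req0();   // refresh the read-only req0 before switching
    if (req.http.host ~ "tenant-a") {
        return (vcl(tenant_a));
    }
}
"""

# Constructed journal excerpt modelled on the manager's log lines (wording may differ by version).
SAMPLE_JOURNAL = """\
Mar 03 10:14:55 cache01 varnishd[1203]: Child (1210) said Child starts
Mar 03 10:22:08 cache01 varnishd[1203]: Child (1210) Panic at: Tue, 03 Mar 2026 10:22:08 GMT
Mar 03 10:22:08 cache01 varnishd[1203]: Child (1210) died signal=6
Mar 03 10:22:09 cache01 varnishd[1203]: Child (1351) said Child starts
"""

if __name__ == "__main__":
    print("6.0.16r11 affected:", is_affected("6.0.16r11"))
    print("6.0.16r12 affected:", is_affected("6.0.16r12"))
    print("sample VCL:", classify(SAMPLE_VCL), audit_vcl(SAMPLE_VCL))
    print("panics:", find_panics(SAMPLE_JOURNAL))
```

In practice feed is_affected() the first line of varnishd -V, audit_vcl() the output of varnishadm vcl.show -v for each entry in varnishadm vcl.list, and find_panics() the output of journalctl -u for the Varnish unit; a "write_req0 + vcl label switch" result on an affected version is the combination to prioritise for upgrade.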
CVE-2026-40395 is a denial-of-service vulnerability affecting Varnish Enterprise versions 6.0.9r5 up to, but not including, 6.0.16r12; it lets an attacker cause a daemon panic through a workspace overflow in a shared VCL.
You are affected if you run Varnish Enterprise 6.0.9r5 or later but older than 6.0.16r12. Upgrade to 6.0.16r12 or later to resolve this vulnerability.
The fix is to upgrade Varnish Enterprise to version 6.0.16r12 or later. If an immediate upgrade is not possible, reduce exposure by reviewing and limiting the use of headerplus.write_req0() in shared VCL and by restricting which clients can reach the cache.
There is currently no evidence of CVE-2026-40395 being actively exploited, and no public proof-of-concept code is available.
Refer to the official Varnish Software security advisory for CVE-2026-40395 on the Varnish Software website.