EUVD-2026-16801

🗓️ 27 Mar 2026 21:31:37Reported by EUVDType

Varnish Cache 8.0.1 and Varnish Enterprise 6.0.16r12 flaw: unchecked req.url root path can cause cache poisoning or authentication bypass.

Reporter	Title	Published	Views	Family All 17
GithubExploit	Exploit for Incorrect Behavior Order: Validate Before Canonicalize in Varnish-Software Varnish_Enterprise	30 Apr 202613:04	–	githubexploit
ATTACKERKB	CVE-2026-34475	27 Mar 202619:40	–	attackerkb
Circl	CVE-2026-34475	13 May 202608:00	–	circl
CNNVD	Varnish Cache 安全漏洞	27 Mar 202600:00	–	cnnvd
CVE	CVE-2026-34475	27 Mar 202619:40	–	cve
Cvelist	CVE-2026-34475	27 Mar 202619:40	–	cvelist
Debian CVE	CVE-2026-34475	27 Mar 202619:40	–	debiancve
NVD	CVE-2026-34475	27 Mar 202620:16	–	nvd
OSV	DEBIAN-CVE-2026-34475	27 Mar 202620:16	–	osv
OSV	UBUNTU-CVE-2026-34475	27 Mar 202620:16	–	osv

[
  {
    "enisaIdVendor": [
      {
        "id": "d82b3f2f-2549-384a-a1ad-d6530ff1653b",
        "vendor": {
          "name": "varnish-software"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "3b96b4cf-d007-3a20-908c-ea6cba7953bc",
        "product": {
          "name": "Varnish Cache"
        },
        "product_version": "7.0.0 <8.0.1"
      },
      {
        "id": "572886c9-23e3-3a79-976a-c5ff109a3871",
        "product": {
          "name": "Varnish Cache"
        },
        "product_version": "0 <6.0.17 LTS"
      }
    ]
  }
]

Source	Link
vinyl-cache	www.vinyl-cache.org/security/VSV00018.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-34475

27 Mar 2026 21:31Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.15.4

EPSS0.00067

SSVC