{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T21:57:43.667","vulnerabilities":[{"cve":{"id":"CVE-2026-40395","sourceIdentifier":"cve@mitre.org","published":"2026-04-12T20:16:18.893","lastModified":"2026-04-17T14:37:34.147","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Varnish Enterprise before 6.0.16r12 allows a \"workspace overflow\" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req0, which is normally the original read-only request from which req is derived (readable and writable from VCL). This is useful in the active VCL, after amending req, to prepare a refined req0 before switching to a different VCL with the return (vcl(<label>)) action. This is for example how the Varnish Controller operates shared VCL deployments. If the amended req contained too many header fields for req0, this would have resulted in a workspace overflow that would in turn trigger a panic and crash the Varnish Enterprise server. This could be used as a Denial of Service attack vector by malicious clients."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:varnish-software:varnish_enterprise:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.15","matchCriteriaId":"E53A64C0-FC22-40B5-8C3B-6288B44AC3FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r1:*:*:*:*:*:*","matchCriteriaId":"F24D68B5-362E-4797-B6DE-C19A2893186C"},{"vulnerable":true,"criteria":"cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r10:*:*:*:*:*:*","matchCriteriaId":"910BAD01-26E5-4D12-AA23-0BD2D48F229C"},{"vulnerable":true,"criteria":"cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r11:*:*:*:*:*:*","matchCriteriaId":"BCF39307-6F25-4D97-8901-EE1A80A66AD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r2:*:*:*:*:*:*","matchCriteriaId":"05E529DF-DEE1-4A62-998B-CA312DF888FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r3:*:*:*:*:*:*","matchCriteriaId":"8AB27B34-2951-4755-851C-7C942DAFB6C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r4:*:*:*:*:*:*","matchCriteriaId":"18A22D42-B038-4E09-92DD-8AFD2F51A340"},{"vulnerable":true,"criteria":"cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r5:*:*:*:*:*:*","matchCriteriaId":"FE76D616-3AA8-4D9A-9D41-9AE35FE20DBC"},{"vulnerable":true,"criteria":"cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r6:*:*:*:*:*:*","matchCriteriaId":"9C5610CF-1FE4-4DF8-8D49-7C0CCF0359E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r7:*:*:*:*:*:*","matchCriteriaId":"27B776B2-9C38-45BE-89E4-ECDEEAE538A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r8:*:*:*:*:*:*","matchCriteriaId":"ED3CA600-C88D-4825-8C36-E052822AF59F"},{"vulnerable":true,"criteria":"cpe:2.3:a:varnish-software:varnish_enterprise:6.0.16:r9:*:*:*:*:*:*","matchCriteriaId":"6B1D57B1-9771-4195-9EE3-B26EA776FB6B"}]}]}],"references":[{"url":"https://docs.varnish-software.com/security/VEV00003/","source":"cve@mitre.org","tags":["Vendor Advisory"]}]}}]}