Varnish Cache Pre Split
Monthly
HTTP/2 request parsing in Vinyl Cache and Varnish Cache enables backend request desync (HTTP request smuggling), exploitable for cache poisoning, authentication bypass, and information disclosure against affected deployments. Vinyl Cache prior to 9.0.1 and Varnish Cache prior to 9.0.3, plus legacy pre-split Varnish Cache branches spanning versions 6.0.14 through 8.0.1, are confirmed affected across three distinct CPE lineages. Exploitation is gated behind an explicitly non-default configuration - HTTP/2 must be enabled via the +http2 feature parameter - which substantially limits exposure; no public exploit code and no CISA KEV listing have been identified at time of analysis.
HTTP/2 request parsing in Vinyl Cache and Varnish Cache enables backend request desync (HTTP request smuggling), exploitable for cache poisoning, authentication bypass, and information disclosure against affected deployments. Vinyl Cache prior to 9.0.1 and Varnish Cache prior to 9.0.3, plus legacy pre-split Varnish Cache branches spanning versions 6.0.14 through 8.0.1, are confirmed affected across three distinct CPE lineages. Exploitation is gated behind an explicitly non-default configuration - HTTP/2 must be enabled via the +http2 feature parameter - which substantially limits exposure; no public exploit code and no CISA KEV listing have been identified at time of analysis.