CVE-2026-40395: CWE-770 Allocation of Resources Without Limits or Throttling in varnish-software Varnish Enterprise
Varnish Enterprise versions before 6. 0. 16r12 contain a vulnerability where the headerplus. write_req0() function can cause a workspace overflow leading to a daemon panic and server crash. This occurs when an amended request contains too many header fields, triggering a denial of service condition. The issue affects shared VCL deployments and can be exploited by malicious clients to disrupt service availability.
AI Analysis
Technical Summary
CVE-2026-40395 is a resource allocation vulnerability (CWE-770) in Varnish Enterprise prior to version 6.0.16r12. The vulnerability arises from the headerplus.write_req0() function in the vmod_headerplus module, which updates the underlying req0 object. Normally, req0 is the original read-only request from which req is derived and is both readable and writable from VCL. When an amended req contains an excessive number of header fields, this can cause a workspace overflow in req0, leading to a daemon panic and crash of the Varnish Enterprise server. This flaw can be leveraged as a denial of service attack vector by malicious clients, particularly in shared VCL environments such as those managed by the Varnish Controller.
Potential Impact
Successful exploitation results in a denial of service condition due to a daemon panic and server crash. There is no indication of confidentiality or integrity impact. The vulnerability requires network access but has a high attack complexity, and no privileges or user interaction are needed. The CVSS score is 4.0 (medium severity). No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or patch links are provided in the available data. Until a patch is available, consider limiting exposure of the vulnerable service to untrusted clients and monitor for unusual request patterns that might trigger the overflow.
CVE-2026-40395: CWE-770 Allocation of Resources Without Limits or Throttling in varnish-software Varnish Enterprise
Description
Varnish Enterprise versions before 6. 0. 16r12 contain a vulnerability where the headerplus. write_req0() function can cause a workspace overflow leading to a daemon panic and server crash. This occurs when an amended request contains too many header fields, triggering a denial of service condition. The issue affects shared VCL deployments and can be exploited by malicious clients to disrupt service availability.
CVSS v3.1
Score 4.0medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-40395 is a resource allocation vulnerability (CWE-770) in Varnish Enterprise prior to version 6.0.16r12. The vulnerability arises from the headerplus.write_req0() function in the vmod_headerplus module, which updates the underlying req0 object. Normally, req0 is the original read-only request from which req is derived and is both readable and writable from VCL. When an amended req contains an excessive number of header fields, this can cause a workspace overflow in req0, leading to a daemon panic and crash of the Varnish Enterprise server. This flaw can be leveraged as a denial of service attack vector by malicious clients, particularly in shared VCL environments such as those managed by the Varnish Controller.
Potential Impact
Successful exploitation results in a denial of service condition due to a daemon panic and server crash. There is no indication of confidentiality or integrity impact. The vulnerability requires network access but has a high attack complexity, and no privileges or user interaction are needed. The CVSS score is 4.0 (medium severity). No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or patch links are provided in the available data. Until a patch is available, consider limiting exposure of the vulnerable service to untrusted clients and monitor for unusual request patterns that might trigger the overflow.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-04-12T19:21:08.847Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69dbf32682d89c981fb00942
Added to database: 4/12/2026, 7:31:50 PM
Last enriched: 4/20/2026, 6:21:27 AM
Last updated: 5/27/2026, 12:24:59 AM
Views: 107
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.