The vulnerability CVE-2026-40395 affects Varnish Enterprise versions before 6.0.16r12. It arises from improper handling of resource allocation limits in the headerplus.write_req0() function of the vmod_headerplus module. This function modifies the req0 object, which is normally read-only and represents the original request. When an amended request contains an excessive number of header fields, it causes a workspace overflow leading to a daemon panic and server crash. This flaw can be leveraged by attackers to cause a denial of service by crashing the Varnish Enterprise server. The vulnerability is classified under CWE-770 (Allocation of Resources Without Limits or Throttling). The CVSS 3.1 base score is 4.0, indicating medium severity, with network attack vector, high attack complexity, no privileges required, no user interaction, and impact limited to availability loss.

Successful exploitation results in a denial of service condition due to a workspace overflow that causes the Varnish Enterprise server daemon to panic and crash. There is no impact on confidentiality or integrity. The attack requires network access and has high complexity, meaning it is not trivial to exploit. No known exploits are currently reported in the wild.

No official patch or remediation level has been published by the vendor as of the current information. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, consider limiting exposure of the Varnish Enterprise service to untrusted clients or applying custom rate limiting or filtering to reduce the risk of triggering the overflow condition. Monitor vendor communications for updates on patches or official mitigations.