CVE-2026-34475 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.4 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 20%

Affected Products (NVD)

Vendor	Product	Version
varnish-software	varnish_enterprise	𝑥 ≤ 6.0.15
varnish-software	varnish_enterprise	6.0.16:r1
varnish-software	varnish_enterprise	6.0.16:r10
varnish-software	varnish_enterprise	6.0.16:r11
varnish-software	varnish_enterprise	6.0.16:r2
varnish-software	varnish_enterprise	6.0.16:r3
varnish-software	varnish_enterprise	6.0.16:r4
varnish-software	varnish_enterprise	6.0.16:r5
varnish-software	varnish_enterprise	6.0.16:r6
varnish-software	varnish_enterprise	6.0.16:r7
varnish-software	varnish_enterprise	6.0.16:r8
varnish-software	varnish_enterprise	6.0.16:r9
vinyl-cache	vinyl_cache	𝑥 < 8.0.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

varnish

bookworm	no-dsa
bookworm (security)	vulnerable
bullseye	postponed
bullseye (security)	vulnerable
forky	vulnerable
sid	vulnerable
trixie	no-dsa

Common Weakness Enumeration

CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize
The software validates input before it is canonicalized, which prevents the software from detecting data that becomes invalid after the canonicalization step.

References

https://vinyl-cache.org/security/VSV00018.html