Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allow a "workspace overflow" denial of service (a panic of the varnishd daemon) triggered by certain amounts of prefetched data. An HTTP/2 session starts on a speculative HTTP/1 transport; when the connection is upgraded to h2, the HTTP/1 request is repurposed as stream zero. During that upgrade, a buffer is allocated to reserve space for frames to be sent to the client. This allocation splits the original workspace, and, depending on how much data was prefetched, the next fetch can perform a pipelining operation that runs out of workspace. The fix is to upgrade to Varnish Cache 9.0.1 or Varnish Enterprise 6.0.16r11, respectively.
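The affected and fixed versions above are all a practitioner needs to triage a fleet. The following is an added example, not code from this page or from Varnish Software: it parses the version token printed by `varnishd -V` and compares it against the fixed versions named in the advisory. It assumes that Varnish Cache prints its version as `varnish-X.Y.Z` and that Varnish Enterprise prints `varnish-plus-X.Y.ZrN` (the `varnish-plus` prefix is an assumption); the sample banners at the bottom are constructed, not captured from real hosts.

```python
import re
import subprocess
from typing import NamedTuple, Optional


class VarnishVersion(NamedTuple):
    enterprise: bool
    major: int
    minor: int
    patch: int
    release: int  # the rN suffix used by Varnish Enterprise; 0 when absent


# Version token in the `varnishd -V` banner, e.g. "varnish-9.0.0" for
# Varnish Cache. The "varnish-plus-" prefix for Varnish Enterprise is
# an assumption, not something the advisory states.
_VERSION_RE = re.compile(
    r"varnish(?P<plus>-plus)?-(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)"
    r"(?:r(?P<rel>\d+))?"
)

# Fixed versions taken from the advisory text: "Varnish Cache 9 before 9.0.1"
# and "Varnish Enterprise before 6.0.16r11".
FIXED_CACHE_9 = (9, 0, 1)
FIXED_ENTERPRISE = (6, 0, 16, 11)


def parse_varnishd_banner(banner: str) -> Optional[VarnishVersion]:
    """Extract the version from a varnishd -V banner; None if no token is found."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    return VarnishVersion(
        enterprise=m.group("plus") is not None,
        major=int(m.group("major")),
        minor=int(m.group("minor")),
        patch=int(m.group("patch")),
        release=int(m.group("rel") or 0),
    )


def is_affected(v: VarnishVersion) -> bool:
    """True if the version falls in the advisory's affected range."""
    if v.enterprise:
        return (v.major, v.minor, v.patch, v.release) < FIXED_ENTERPRISE
    # The advisory names only the 9.x line of Varnish Cache; other majors are
    # outside its stated range and are reported as not affected here.
    if v.major != 9:
        return False
    return (v.major, v.minor, v.patch) < FIXED_CACHE_9


def assess(banner: str) -> str:
    """Human-readable verdict for one banner."""
    v = parse_varnishd_banner(banner)
    if v is None:
        return "unknown: could not parse a varnish version from banner"
    name = "Varnish Enterprise" if v.enterprise else "Varnish Cache"
    ver = f"{v.major}.{v.minor}.{v.patch}"
    if v.enterprise and v.release:
        ver += f"r{v.release}"
    verdict = "AFFECTED by CVE-2026-40394" if is_affected(v) else "not affected"
    return f"{name} {ver}: {verdict}"


def local_banner() -> str:
    """Run varnishd -V on this host; both streams are captured since the
    banner is written to stderr on the builds the author has seen."""
    r = subprocess.run(["varnishd", "-V"], capture_output=True, text=True)
    return r.stdout + r.stderr


# Constructed sample banners (assumed format, not captured from real systems).
SAMPLE_BANNERS = [
    "varnishd (varnish-9.0.0 revision 0123456789abcdef)",
    "varnishd (varnish-9.0.1 revision 0123456789abcdef)",
    "varnishd (varnish-7.6.0 revision 0123456789abcdef)",
    "varnishd (varnish-plus-6.0.16r10 revision 0123456789abcdef)",
    "varnishd (varnish-plus-6.0.16r11 revision 0123456789abcdef)",
    "varnishd (varnish-plus-6.0.17r1 revision 0123456789abcdef)",
]

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(assess(b))
```

To check a live host, replace the sample loop with `print(assess(local_banner()))`. The enterprise comparison treats a missing `rN` suffix as release 0, so a bare `6.0.16` is reported as affected; that is the conservative choice when the suffix is unknown.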
Cite this page
CVE-2026-40394. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2026-40394
Weakness classification: CWE-670. Vendor: Varnish Software. Product: Varnish Enterprise (and Varnish Cache).
Related disclosures in the same product family: CVE-2023-41104, CVE-2026-34475 and CVE-2025-30346.