Browse all 7 CVE security advisories affecting varnish-software. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Varnish Software develops the Varnish Cache, an open-source HTTP accelerator used to improve website performance by caching web content. Historically, the software has been vulnerable to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from input validation flaws and improper access controls. While no major security incidents have been widely documented, the 7 CVEs on record highlight potential risks in configuration management and request handling. Security teams should implement strict input validation, regular patching, and proper access controls to mitigate these vulnerabilities, as the software's widespread deployment makes it an attractive target for attackers seeking to compromise web infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40396 | Varnish Cache 安全漏洞 — Varnish CacheCWE-670 | 4.0 | Medium | 2026-04-12 |
| CVE-2026-40395 | Varnish Enterprise 安全漏洞 — Varnish EnterpriseCWE-770 | 4.0 | Medium | 2026-04-12 |
| CVE-2026-40394 | Varnish Cache和Varnish Enterprise 安全漏洞 — Varnish CacheCWE-670 | 4.0 | Medium | 2026-04-12 |
| CVE-2026-34475 | Varnish Cache 安全漏洞 — Varnish CacheCWE-180 | 5.4 | Medium | 2026-03-27 |
| CVE-2025-47905 | Varnish Cache 安全漏洞 — Varnish CacheCWE-444 | 5.4 | Medium | 2025-05-13 |
| CVE-2025-30347 | Varnish Enterprise 安全漏洞 — Varnish EnterpriseCWE-125 | 4.0 | Medium | 2025-03-21 |
| CVE-2025-30346 | Varnish Cache和Varnish Enterprise 安全漏洞 — Varnish CacheCWE-444 | 5.4 | Medium | 2025-03-21 |
This page lists every published CVE security advisory associated with varnish-software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.