CVE-2026-40396
mediumCVSS v3 Base Score
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 95% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: April 12, 2026 (88 days ago)
Last Modified: April 12, 2026
Vendor: Red Hat
Source: REDHAT
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in Varnish Cache. A malicious client can exploit a 'workspace overflow' vulnerability by sending an HTTP/1 request, waiting for the session to release its worker thread, and then resuming traffic with multiple requests to trigger a pipelining operation. This can lead to a workspace overflow, causing the Varnish server to panic and crash, resulting in a Denial of Service (DoS).
CWE
CWE-131Affected Products
Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9