cvedb.io
CVE-2022-23959
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2022-01-26T01:15:07.900 · Last modified 2026-06-17T04:31:03.640

Summary

In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 LTS before 6.0.10, and and Varnish Enterprise (Cache Plus) 4.1.x before 4.1.11r6 and 6.0.x before 6.0.9r4, request smuggling can occur for HTTP/1 connections.

Affected products

varnish-software — varnich_cache

Does this affect you?

Add your gear to cvedb and we'll alert you only when varnish-software ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.