NVD HIGH: CVE-2026-40394 — Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "w...
Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is repurposed as stream zero. During the upgrade, a buffer allocation is made to reserve space to send frames
CVE-2026-40394