{"id":"CVE-2026-50052","details":"In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync\nattack (request smuggling), which in turn can be used for cache poisoning,\nauthentication bypass, or possibly even information disclosure and manipulation. The attack vector only exists if HTTP/2 support is enabled by setting the\nfeature parameter to contain +http2. HTTP/2 support is disabled by\ndefault.","modified":"2026-07-08T08:11:29.895751988Z","published":"2026-06-03T03:56:01.974Z","related":["openSUSE-SU-2026:11039-1"],"database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/50xxx/CVE-2026-50052.json","cwe_ids":["CWE-444"]},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/07/01/9"},{"type":"WEB","url":"https://code.vinyl-cache.org/vinyl-cache/vinyl-cache"},{"type":"WEB","url":"https://vinyl-cache.org/security/VSV00019.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/50xxx/CVE-2026-50052.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-50052"},{"type":"PACKAGE","url":"https://github.com/varnish/varnish"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/varnish/varnish","events":[{"introduced":"ce1b315b0c35477c666e4c8d8e1c9174df87eb61"},{"last_affected":"ce1b315b0c35477c666e4c8d8e1c9174df87eb61"},{"last_affected":"dc27a2dce662015cf79bbda5ff193b6bb74ba2d1"},{"introduced":"0"},{"last_affected":"4883a9619d9fcdc4efcd7e4cd7e355ee38521a84"},{"last_affected":"04286a233e14a5674f86118da1c52ab63152006c"}],"database_specific":{"extracted_events":[{"introduced":"9.0.0"},{"last_affected":"9.0.0"},{"last_affected":"9.0.2"},{"introduced":"7.6.0"},{"last_affected":"8.0.1"},{"introduced":"6.0.14"},{"last_affected":"6.0.17"}],"source":"AFFECTED_FIELD"}}],"versions":["9.0.0","varnish-8.0.1","varnish-9.0.2","varnish-9.0.1","varnish-6.0.17","varnish-9.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-50052.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/AU:N/R:A/V:D/RE:L/U:Green"}]}