A deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack (request smuggling), which in turn can be used for cache poisoning, authentication bypass or possibly even information disclosure and manipulation.
The attack vector only exists if HTTP/2 support is enabled by setting the feature parameter to contain +http2. HTTP/2 support is disabled by default.
The vulnerability affects both open source Varnish Cache and Vinyl Cache. All recent versions of Varnish Enterprise are not affected by the vulnerability.
We recommend upgrading to a version which is not affected, disabling HTTP/2 support, or mitigating the issue in VCL, as detailed below.
Versions affected:
Vinyl Cache 9.0.0
Varnish Cache by Varnish Software up to and including 9.0.2
All Varnish Cache releases from 7.6.0 up to and including 8.0.1
Varnish Cache 6.0 LTS series from 6.0.14 up to and including 6.0.17

Versions not affected (fixed):
Vinyl Cache 9.0.1 (released 2026-05-18)
Varnish Cache by Varnish Software 9.0.3 (released 2026-05-18)
Vinyl Cache main branch at commit dfc27fb4e7bf110945f5c145ce95b8de14ead77f or later
Varnish Cache main branch at commit 2fe69510284e7db07aab58972bf1c2bd7b37966d or later
Varnish Cache 8.0.2 (released 2026-05-18)
Varnish Cache 6.0 LTS version 6.0.18 (released 2026-05-18)
Varnish Enterprise by Varnish Software
For Varnish Enterprise, the main bug that allows this vulnerability was fixed in version 6.0.16r4. Versions older than that are impacted by the bug, but its potential impact is much more limited compared to the open source version thanks to the validate_backend_request feature flag, which is enabled by default in Varnish Enterprise since version 6.0.11r2.
Several options to mitigate this issue exist. The safest is disabling HTTP/2.
The vulnerability can only be exploited if HTTP/2 support is enabled. Where it is, it can be disabled:
at runtime, by issuing varnishadm param.set feature -http2
persistently, by removing -p feature=+http2 from the varnishd startup parameters
You must also remove h2 from the list of protocols if your TLS terminator is advertising it with ALPN.
The VCL mitigation requires no additional VMODs, but needs inline-C to be enabled:
at runtime, by issuing varnishadm param.set vcc_feature +allow_inline_c
persistently, by adding -p vcc_feature=+allow_inline_c to the varnishd startup parameters
The VCL mitigation works by combining two techniques: rendering a smuggled request invalid, and avoiding backend connection reuse.
Besides enabling inline-C, the following snippet needs to be added at the top of the custom VCL:
## BEGIN vsv19 mitigation
#
# Mark requests that arrived over HTTP/2 and, where they carry a
# Content-Length, re-set that header through inline-C so that a
# smuggled request is rendered invalid.
sub recv_vsv19 {
    unset req.http.vsv19;
    if (req.proto != "HTTP/2.0") {
        return;
    }
    set req.http.vsv19 = "1";
    if (req.http.content-length) {C{
        VRT_SetHdr(ctx, &VGC_HDR_REQ_content_2d_length, 0,
            TOSTRAND(VRT_GetHdr(ctx, &VGC_HDR_REQ_content_2d_length)));
    }C}
}

sub vcl_recv {
    call recv_vsv19;
}

# Avoid backend connection reuse for requests marked above.
sub vcl_backend_fetch {
    if (bereq.http.vsv19) {
        set bereq.http.Connection = "close";
    }
}
#
## END vsv19 mitigation
In addition, care must be taken that bereq.http.Connection is not unset anywhere else in the custom VCL.
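Because the VCL mitigation above is only effective if all three parts are present and nothing else unsets bereq.http.Connection, the following added Python lint (not part of the advisory or of either project) checks a VCL file for the recv_vsv19 subroutine with its inline-C Content-Length rewrite, the call from vcl_recv, the Connection: close branch in vcl_backend_fetch, and any stray unset of bereq.http.Connection. The sample VCL it scans is constructed for the example.

```python
import re

# Constructed sample input (not a real deployment): a custom VCL carrying the
# vsv19 mitigation, plus a stray "unset bereq.http.connection" that would
# defeat the "avoid backend connection reuse" half of it.
SAMPLE_VCL = """vcl 4.1;
sub recv_vsv19 {
    unset req.http.vsv19;
    if (req.proto != "HTTP/2.0") { return; }
    set req.http.vsv19 = "1";
    if (req.http.content-length) {C{
        VRT_SetHdr(ctx, &VGC_HDR_REQ_content_2d_length, 0,
            TOSTRAND(VRT_GetHdr(ctx, &VGC_HDR_REQ_content_2d_length)));
    }C}
}
sub vcl_recv { call recv_vsv19; }
sub vcl_backend_fetch {
    if (bereq.http.vsv19) { set bereq.http.Connection = "close"; }
    unset bereq.http.connection;  # header cleanup added elsewhere
}
"""

def strip_comments(vcl):
    """Remove VCL comments (#, //, /* */) so commented-out code is not counted."""
    vcl = re.sub(r"/\*.*?\*/", "", vcl, flags=re.S)
    return re.sub(r"(#|//).*", "", vcl)

def sub_body(src, name):
    """Return the brace-balanced body of 'sub <name> { ... }', or '' if absent."""
    m = re.search(r"\bsub\s+%s\s*\{" % re.escape(name), src)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def check_vsv19(vcl):
    """Return a list of findings; an empty list means the mitigation looks intact."""
    src, findings = strip_comments(vcl), []
    if "VRT_SetHdr(ctx, &VGC_HDR_REQ_content_2d_length" not in sub_body(src, "recv_vsv19"):
        findings.append("recv_vsv19 missing or lacks the inline-C Content-Length rewrite")
    if not re.search(r"\bcall\s+recv_vsv19\s*;", sub_body(src, "vcl_recv")):
        findings.append("vcl_recv does not call recv_vsv19")
    close = r'if\s*\(\s*bereq\.http\.vsv19\s*\)\s*\{\s*set\s+bereq\.http\.connection\s*=\s*"close"\s*;'
    if not re.search(close, sub_body(src, "vcl_backend_fetch"), re.I):
        findings.append("vcl_backend_fetch does not force Connection: close for H2 requests")
    # VCL header names are case-insensitive, so match any spelling of the unset.
    for m in re.finditer(r"\bunset\s+bereq\.http\.connection\s*;", src, re.I):
        line = src.count("\n", 0, m.start()) + 1
        findings.append("line %d: unset bereq.http.Connection defeats the mitigation" % line)
    return findings
```

Run check_vsv19 over the text of the deployed VCL; the comment stripping is deliberately simple and will also drop a `//` inside a string literal.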
We thank Lam Jun Rong of Calif.io, who used Anthropic Research’s tool “Claude”, for reporting this issue.
For the Vinyl Cache project, the issue has been handled by Nils Goroll of UPLEX. The merged fix is a slight variation of the proposed fix by Lam Jun Rong, which had already been found independently by Dridi Boukelmoune.