CVE-2026-50052 in Vinyl Cacheinfo

Zusammenfassung

von MITRE • 03.06.2026

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack (request smuggling), which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and manipulation. The attack vector only exists if HTTP/2 support is enabled by setting the feature parameter to contain +http2. HTTP/2 support is disabled by default.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

MITRE

Reservieren

03.06.2026

Veröffentlichung

03.06.2026

Moderieren

akzeptiert

Eintrag

VDB-368092

CPE

bereit

CWE

CWE-444 (bestätigt)

CVSS

3.1 (VulDB)

EPSS

0.00083

KEV

nein

Aktivitäten

low

Sektor

Hospital, Insurance, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-50052
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-50052
CVE Details	https://www.cvedetails.com/cve/CVE-2026-50052/

◂ Zurück Übersicht Weiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!