UBUNTU-CVE-2026-40396

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-40396

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-40396.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-40396

Upstream

CVE-2026-40396

Published

2026-04-12T20:16:00Z

Modified

2026-05-20T16:25:39.841678442Z

Severity

4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L CVSS Calculator
7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeoutlinger. A malicious client could send an HTTP/1 request, wait long enough until the session releases its worker thread (timeoutlinger) and resume traffic before the session is closed (timeoutidle) sending more than one request at once to trigger a pipelining operation between requests. This vulnerability affecting Varnish Cache 9.0.0 emerged from a port of the Varnish Enterprise non-blocking architecture for HTTP/2. New code was needed to adapt to a more recent workspace API that formalizes the pipelining operation. In addition to the workspace change on the Varnish Cache side, other differences created merge conflicts, like partial support for trailers in Varnish Enterprise. The conflict resolution missed one code path configuring pipelining to perform a complete workspace rollback, losing the guarantee that prefetched data would fit inside workspaceclient during the transition from one request to the next. This can result in a workspace overflow, triggering a panic and crashing the Varnish server.

References

Affected packages

Ubuntu:14.04:LTS

varnish

Package

Name: varnish
Purl: pkg:deb/ubuntu/varnish?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.4-1ubuntu1

3.0.4-1ubuntu2

3.0.5-1ubuntu2

3.0.5-2

3.0.5-2ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libvarnishapi1",
            "binary_version": "3.0.5-2ubuntu0.1"
        },
        {
            "binary_name": "varnish",
            "binary_version": "3.0.5-2ubuntu0.1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-40396.json"

Ubuntu:24.04:LTS

varnish

Package

Name: varnish
Purl: pkg:deb/ubuntu/varnish?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.1.1-1.1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libvarnishapi3",
            "binary_version": "7.1.1-1.1ubuntu1"
        },
        {
            "binary_name": "varnish",
            "binary_version": "7.1.1-1.1ubuntu1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-40396.json"

Ubuntu:25.10

varnish

Package

Name: varnish
Purl: pkg:deb/ubuntu/varnish?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.7.0-1

7.7.0-2

7.7.0-3

7.7.3-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libvarnishapi3",
            "binary_version": "7.7.3-1"
        },
        {
            "binary_name": "varnish",
            "binary_version": "7.7.3-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-40396.json"

Ubuntu:26.04:LTS

varnish

Package

Name: varnish
Purl: pkg:deb/ubuntu/varnish?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.7.3-1

7.7.3-1build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libvarnishapi3",
            "binary_version": "7.7.3-1build1"
        },
        {
            "binary_name": "varnish",
            "binary_version": "7.7.3-1build1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-40396.json"

Ubuntu:Pro:16.04:LTS

varnish

Package

Name: varnish
Purl: pkg:deb/ubuntu/varnish?arch=source&distro=esm-apps%2Fxenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.0.3-1

4.1.0-1

4.1.0-2

4.1.1-1

4.1.1-1ubuntu0.2

4.1.1-1ubuntu0.2+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libvarnishapi1",
            "binary_version": "4.1.1-1ubuntu0.2+esm1"
        },
        {
            "binary_name": "varnish",
            "binary_version": "4.1.1-1ubuntu0.2+esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-40396.json"

Ubuntu:Pro:18.04:LTS

varnish

Package

Name: varnish
Purl: pkg:deb/ubuntu/varnish?arch=source&distro=esm-apps%2Fbionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.0.0-7.1

5.2.1-1

5.2.1-1ubuntu0.1

5.2.1-1ubuntu0.1+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libvarnishapi1",
            "binary_version": "5.2.1-1ubuntu0.1+esm1"
        },
        {
            "binary_name": "varnish",
            "binary_version": "5.2.1-1ubuntu0.1+esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-40396.json"

Ubuntu:Pro:20.04:LTS

varnish

Package

Name: varnish
Purl: pkg:deb/ubuntu/varnish?arch=source&distro=esm-apps%2Ffocal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.1.1-1

6.2.1-2

6.2.1-2ubuntu0.1~esm1

6.2.1-2ubuntu0.1~esm2

6.2.1-2ubuntu0.1

6.2.1-2ubuntu0.2

6.2.1-2ubuntu0.2+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libvarnishapi2",
            "binary_version": "6.2.1-2ubuntu0.2+esm1"
        },
        {
            "binary_name": "varnish",
            "binary_version": "6.2.1-2ubuntu0.2+esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-40396.json"

Ubuntu:Pro:22.04:LTS

varnish

Package

Name: varnish
Purl: pkg:deb/ubuntu/varnish?arch=source&distro=esm-apps%2Fjammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.5.2-1

6.6.1-1

6.6.1-1ubuntu0.2

6.6.1-1ubuntu0.2+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libvarnishapi2",
            "binary_version": "6.6.1-1ubuntu0.2+esm1"
        },
        {
            "binary_name": "varnish",
            "binary_version": "6.6.1-1ubuntu0.2+esm1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-40396.json"