What the vulnerability does
01Description
Missing Authorization vulnerability in ergonet Ergonet Cache ergonet-varnish-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ergonet Cache: from n/a through <= 1.0.13.
Explanation of Vulnerability in Simple Terms
02Summary
Ergonet Cache versions 1.0.13 and earlier lack proper authorization checks, allowing authenticated users with low privileges to trigger a denial-of-service condition. An attacker with valid login credentials can make requests that degrade site availability. The vulnerability requires network access and valid authentication but no user interaction.
What an attacker can do
03Attacker Capabilities
Degrade site availability by triggering resource exhaustion or service disruption.
Potential impact on your site
04Site Impact
Authenticated users can cause temporary unavailability or performance degradation of your site.
Conditions required to exploit
05Prerequisites
Valid login credentials with low-level user privileges; network access to the site.
Key dates
06Disclosure timeline
December 9, 2025
CVE published
April 28, 2026
Record updated