Régis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies.