6.5

CVE-2026-32588

Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes.
Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheCassandra Version >= 4.0.0 < 4.0.20
ApacheCassandra Version >= 4.1.0 < 4.1.11
ApacheCassandra Version >= 5.0.0 < 5.0.7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.53% 0.407
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://lists.apache.org/thread/2tnwjdnss378glxrsmnlzz3k53ftphrc
Vendor Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2026/04/07/9
Third Party Advisory
Mailing List