8.1

CVE-2026-47783

Medienbericht
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MemcachedMemcached Version < 1.6.42
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.31% 0.671
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cve@mitre.org 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-208 Observable Timing Discrepancy

Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
05.06.2026 12:48
https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed
Patch
https://github.com/memcached/memcached/compare/1.6.41...1.6.42
Release Notes
https://github.com/memcached/memcached/wiki/ReleaseNotes1642
Release Notes
https://access.redhat.com/errata/RHSA-2026:27842
https://access.redhat.com/errata/RHSA-2026:27862
https://access.redhat.com/security/cve/CVE-2026-47783
https://bugzilla.redhat.com/show_bug.cgi?id=2480089
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47783.json