← volver
CVE-2026-32588

Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing

CVSS 6.5 MEDIUMEPSS 0.5%CWE-400
Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Productos afectados
Apache Software Foundation · Apache Cassandra

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://lists.apache.org/thread/2tnwjdnss378glxrsmnlzz3k53ftphrchttp://www.openwall.com/lists/oss-security/2026/04/07/9