CVE-2026-32588

EPSS 0.07%

Apache Cassandra has an authenticated DoS over CQL

發布日:2026/4/7修改日:2026/4/8

描述

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue.

受影響套件(1)

Maven/org.apache.cassandra:cassandra-all>= 4.0, < 4.0.20

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-32588
WEBhttps://lists.apache.org/thread/2tnwjdnss378glxrsmnlzz3k53ftphrc
WEBhttp://www.openwall.com/lists/oss-security/2026/04/07/9