CVE-2025-26511

Summary

Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow authenticated Cassandra users to remotely bypass RBAC and escalate their privileges.

Affected Software

VendorProductVersion RangeStatus
NetAppInstaclustr fork of Stratio’s Cassandra-Lucene-Index plugin4.0-rc1-1.0.0 <= 4.0.16-1.0.0affected
NetAppInstaclustr fork of Stratio’s Cassandra-Lucene-Index plugin4.1.2-1.0.0 <= 4.1.8-1.0.0affected

Weaknesses

  • CWE-863: CWE-863

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References