CVE-2026-32588

Summary

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Cassandra4.0 <= 4.0.19affected
Apache Software FoundationApache Cassandra4.1 <= 4.1.10affected
Apache Software FoundationApache Cassandra5.0 <= 5.0.6affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References