CVE-2026-47783

Summary

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.

Affected Software

VendorProductVersion RangeStatus
memcachedmemcached0 < 1.6.42affected

Weaknesses

  • CWE-208: CWE-208 Observable Timing Discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

memcached: memcached: Username enumeration via timing side channel

Additional References

References