Home

Description

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue.

PUBLISHED Reserved 2026-03-12 | Published 2026-04-07 | Updated 2026-04-09 | Assigner apache

Problem types

CWE-400 Uncontrolled Resource Consumption

Product status

Default status
unaffected

4.0 (semver)
affected

4.1 (semver)
affected

5.0 (semver)
affected

Credits

Youlong Chen, Institute of Computing Technology, Chinese Academy of Sciences reporter

References

www.openwall.com/lists/oss-security/2026/04/07/9

lists.apache.org/thread/2tnwjdnss378glxrsmnlzz3k53ftphrc vendor-advisory

cve.org (CVE-2026-32588)

nvd.nist.gov (CVE-2026-32588)

Download JSON