HIGH🇵🇱 Wersja polska

CVE-2026-27314

CVSS 8.8v3.1pub. 2026-04-07upd. 2026-04-15

Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY. Users are recommended to upgrade to version 5.0.7+, which fixes this issue.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Apache Cassandra

    APP
    Apache
    5.0.0 – 5.0.7 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...

CVE-2021-44521CRITICAL9.1ten sam produkt

When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scr...

CVE-2018-8016CRITICAL9.8ten sam produkt

The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to...

CVE-2025-26467HIGH8.8ten sam produkt

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL...

CVE-2025-23015HIGH8.8ten sam produkt

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL...