SB20260407105 - Multiple vulnerabilities in Apache Cassandra
Published: April 7, 2026
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Improper access control (CVE-ID: CVE-2026-27314)
The vulnerability allows a remote user to escalate privileges.
The vulnerability exists due to improper access control in ADD IDENTITY authorization handling when associating a certificate identity with an arbitrary role in an mTLS environment using MutualTlsAuthenticator. A remote user can associate their own certificate identity with an arbitrary role to escalate privileges.
Exploitation requires an mTLS environment using MutualTlsAuthenticator and CREATE permission.
2) Resource exhaustion (CVE-ID: CVE-2026-32588)
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to resource consumption in ALTER ROLE password hashing when processing repeated password change requests over CQL. A remote user can issue repeated password change requests to cause a denial of service.
3) Cleartext storage of sensitive information (CVE-ID: CVE-2026-27315)
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to improper handling of sensitive information in the cqlsh history file when saving previously executed cqlsh commands. A local user can read the local ~/.cassandra/cqlsh_history file to disclose sensitive information.
Passwords used in commands such as login or user creation may be stored in cleartext in the history file.
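As an added example that is not part of the bulletin or the Cassandra project's own tooling: a small Python script that a defender can use to check an existing cqlsh history file for statements that carry a password literal (CREATE/ALTER ROLE ... WITH PASSWORD, CREATE/ALTER USER ... WITH PASSWORD, and the cqlsh LOGIN command with an inline password), redact those literals in place, and tighten the file's permissions. The regular expressions are an assumption based on the documented CQL role/user syntax; the sample history lines are constructed for the example, and the default path mirrors the ~/.cassandra/cqlsh_history location named above.

```python
import re
from pathlib import Path

# Statements that carry a password literal in cqlsh. These patterns are an
# assumption based on the CQL role/user syntax and the cqlsh LOGIN command;
# extend them if your deployment uses other credential-bearing statements.
CREDENTIAL_PATTERNS = [
    # CREATE/ALTER ROLE ... WITH [HASHED] PASSWORD = 'secret'
    re.compile(r"(?i)(\b(?:CREATE|ALTER)\s+ROLE\b.*?\bPASSWORD\s*=\s*)'[^']*'"),
    # CREATE/ALTER USER ... WITH PASSWORD 'secret'
    re.compile(r"(?i)(\b(?:CREATE|ALTER)\s+USER\b.*?\bPASSWORD\s+)'[^']*'"),
    # LOGIN <user> <password>  (cqlsh shell command, anchored to line start so
    # that "LOGIN = true" inside a CREATE ROLE statement is not touched)
    re.compile(r"(?i)^([ \t]*LOGIN[ \t]+\S+[ \t]+)('[^']*'|[^\s;]+)"),
]

# Constructed sample history for the example; not taken from a real system.
SAMPLE_HISTORY = [
    "SELECT * FROM system.local;\n",
    "CREATE ROLE app_user WITH PASSWORD = 'hunter2' AND LOGIN = true;\n",
    "ALTER USER cassandra WITH PASSWORD 'NewPassw0rd!';\n",
    "LOGIN admin 'S3cret';\n",
    "LOGIN alice\n",  # password was prompted interactively, nothing to redact
]


def redact_statement(line):
    """Return (line with any password literal replaced, whether it changed)."""
    changed = False
    for pattern in CREDENTIAL_PATTERNS:
        new_line, count = pattern.subn(r"\1'<REDACTED>'", line)
        if count:
            line, changed = new_line, True
    return line, changed


def scan_history(lines):
    """Redact every credential-bearing line; return (redacted_lines, hit_count)."""
    redacted, hits = [], 0
    for line in lines:
        new_line, changed = redact_statement(line)
        hits += changed
        redacted.append(new_line)
    return redacted, hits


def redact_history_file(path=Path.home() / ".cassandra" / "cqlsh_history"):
    """Rewrite the history file with password literals removed.

    Returns the number of lines that were redacted (0 if the file is absent).
    File permissions are tightened to owner-only as a defence in depth.
    """
    path = Path(path)
    if not path.exists():
        return 0
    text = path.read_text(encoding="utf-8", errors="replace")
    redacted, hits = scan_history(text.splitlines(keepends=True))
    if hits:
        path.write_text("".join(redacted), encoding="utf-8")
    path.chmod(0o600)
    return hits


if __name__ == "__main__":
    # Demonstrate on the constructed sample only; call redact_history_file()
    # explicitly to process a real history file.
    cleaned, count = scan_history(SAMPLE_HISTORY)
    print(f"{count} line(s) redacted")
    print("".join(cleaned), end="")
```

Run it with no arguments to see the sample redacted; call redact_history_file() (optionally with a different path) to clean a real history file. Redaction only removes what has already been written; it does not stop cqlsh from recording future passwords, so the vendor update remains the actual fix.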
Remediation
Install the update from the vendor's website.
References
- https://lists.apache.org/api/email.lua?id=2j694chfc5dhxs0gh986tf696zdwbh1n
- https://www.cve.org/CVERecord?id=CVE-2026-27314
- https://lists.apache.org/api/email.lua?id=9rg8llnj4o1rhch67rb2b2sobrwp5q0w
- https://www.cve.org/CVERecord?id=CVE-2026-32588
- https://lists.apache.org/api/email.lua?id=2op2skhphcq1w3z092v59nv0r1jjowt7
- https://www.cve.org/CVERecord?id=CVE-2026-27315