CVE-2026-27315

CWE-532 — Log File Information Exposure5 documents5 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 98.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Cassandra

Timeline

PublishedApr 7

Description

Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via ~/.cassandra/cqlsh_history local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description: Cassandra's command-line tool, cqlsh, provides a command history feature that allows users to recall previously executed commands using the up/down arrow keys. These history records are saved in the ~/…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Mavenorg.apache.cassandra:cassandra-all4.0 — 4.0.20

▶CVEListV5apache_software_foundation/apache_cassandra4.0 — 4.0.19

🔴Vulnerability Details

CVEList

Apache Cassandra: cqlsh history sensitive information leak↗2026-04-07

▶

GHSA

Apache Cassandra has sensitive Information Leak in cqlsh↗2026-04-07

▶

OSV

Apache Cassandra has sensitive Information Leak in cqlsh↗2026-04-07

▶

🕵️Threat Intelligence

Wiz

CVE-2026-27315 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶