cbcvebase.
CVE-2026-47846
published 2026-06-18

CVE-2026-47846: Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the…

PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.34%
25.6th percentile
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassandra account in certain scenarios. This leaves the default cassandra:cassandra superuser active as an unintended access path. Affected versions — Container image: 4.0.x prior to 4.0.20-photon-5-r7; 4.1.x prior to 4.1.11-photon-5-r7; 5.0.x prior to 5.0.8-photon-5-r4 / 5.0.8-debian-12-r3.

Affected

3 ranges
VendorProductVersion rangeFixed in
bitnamibitnami_cassandra>= 4.0.0 < 4.0.20-photon-5-r74.0.20-photon-5-r7
bitnamibitnami_cassandra>= 4.1.0 < 4.1.11-photon-5-r74.1.11-photon-5-r7
bitnamibitnami_cassandra>= 5.0.0 < 5.0.8-photon-5-r45.0.8-photon-5-r4
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.