CVE-2026-47846
published 2026-06-18CVE-2026-47846: Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the…
PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.34%
25.6th percentile
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassandra account in certain scenarios. This leaves the default cassandra:cassandra superuser active as an unintended access path.
Affected versions — Container image: 4.0.x prior to 4.0.20-photon-5-r7; 4.1.x prior to 4.1.11-photon-5-r7; 5.0.x prior to 5.0.8-photon-5-r4 / 5.0.8-debian-12-r3.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bitnami | bitnami_cassandra | >= 4.0.0 < 4.0.20-photon-5-r7 | 4.0.20-photon-5-r7 |
| bitnami | bitnami_cassandra | >= 4.1.0 < 4.1.11-photon-5-r7 | 4.1.11-photon-5-r7 |
| bitnami | bitnami_cassandra | >= 5.0.0 < 5.0.8-photon-5-r4 | 5.0.8-photon-5-r4 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-18
Published