Apache Software Foundation Apache Cassandra vulnerabilities

CVE-2026-27314 [HIGH] CWE-267 CVE-2026-27314: Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator all Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY. Users are recommended to upgrade to version 5.0.7+, which fixes this

CVE-2026-32588 [MEDIUM] CWE-400 CVE-2026-32588: Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise quer Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue.

CVE-2026-27315 [MEDIUM] CWE-532 CVE-2026-27315: Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via ~/.cassandra/cqlsh_history local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description: Cassandra's command-line tool, cqlsh, provides a comm

CVE-2025-26467 [HIGH] CWE-267 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsaf

CVE-2025-23015 [HIGH] CWE-267 CVE-2025-23015: Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permiss Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for po

CVE-2025-24860 [MEDIUM] CWE-863 CVE-2025-24860: Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or I Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions. Th

CVE-2024-27137 [MEDIUM] Apache Cassandra: unrestricted deserialization of JMX authentication credentials Apache Cassandra: unrestricted deserialization of JMX authentication credentials In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to

CVE-2023-30601 [HIGH] CWE-269 CVE-2023-30601: Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary comma Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users. MI

CVE-2021-44521 [CRITICAL] CWE-94 CVE-2021-44521: When running Apache Cassandra with the following configuration: enable_user_defined_functions: true When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the

CVE-2020-13946 [MEDIUM] CWE-668 CVE-2020-13946: In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possi In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can

CVE-2018-8016 [HIGH] CVE-2018-8016: The default configuration in Apache Cassandra 3 The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.

CVE-2015-0225 [HIGH] CWE-77 CVE-2015-0225: The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.