wid-sec-w-2026-1009  ·  Published 2026-04-07  ·  View on BSI CERT-Bund ↗

Apache Cassandra: Multiple Vulnerabilities

CVSS: N/A (severity rating: NONE)

Risk Summary

Privilege escalation in Apache Cassandra 5.0 in an mTLS environment using MutualTlsAuthenticator: a user with only CREATE permission can associate their own certificate identity with an arbitrary role, including a superuser role, via ADD IDENTITY, and then authenticate as that role. Users are recommended to upgrade to version 5.0.7 or later, which fixes this issue.
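An added defender-side check, not part of the BSI advisory or of the Apache Cassandra project: it decides whether a running version is at or past the fixed releases listed in this advisory and audits certificate-identity-to-role mappings for bindings to superuser roles, which is what the ADD IDENTITY weakness would leave behind. It assumes (not stated on the page) that mappings can be read from `system_auth.identity_to_role` (columns `identity`, `role`) and role flags from `system_auth.roles` (columns `role`, `is_superuser`); the rows below are constructed sample data in that shape.

```python
from dataclasses import dataclass

# Fixed releases per branch, taken from the advisory's affected-product list.
FIXED_PATCH = {(4, 0): 20, (4, 1): 11, (5, 0): 7}


def is_fixed(version: str):
    """True if version >= the fixed release of its branch, False if below,
    None if the branch is not covered by this advisory (verify separately)."""
    major, minor, patch = (int(p) for p in version.split("-")[0].split(".")[:3])
    fixed_patch = FIXED_PATCH.get((major, minor))
    if fixed_patch is None:
        return None
    return patch >= fixed_patch


@dataclass(frozen=True)
class Finding:
    identity: str
    role: str
    reason: str


def audit_identity_mappings(mappings, roles, expected_superuser_identities=frozenset()):
    """Flag certificate identities bound to superuser roles that are not on the
    expected list, and identities bound to roles that no longer exist."""
    known = {r["role"] for r in roles}
    superusers = {r["role"] for r in roles if r.get("is_superuser")}
    findings = []
    for m in mappings:
        identity, role = m["identity"], m["role"]
        if role not in known:
            findings.append(Finding(identity, role, "bound to a role that does not exist"))
        elif role in superusers and identity not in expected_superuser_identities:
            findings.append(Finding(identity, role, "bound to a superuser role"))
    return findings


# Constructed sample rows (assumed shape of system_auth.roles / identity_to_role).
SAMPLE_ROLES = [
    {"role": "cassandra", "is_superuser": True},
    {"role": "ops_admin", "is_superuser": True},
    {"role": "app_reader", "is_superuser": False},
]
SAMPLE_MAPPINGS = [
    {"identity": "spiffe://example.org/ops/alice", "role": "ops_admin"},   # approved
    {"identity": "spiffe://example.org/app/reader", "role": "app_reader"}, # harmless
    {"identity": "spiffe://example.org/app/batch", "role": "cassandra"},   # unexpected
    {"identity": "spiffe://example.org/legacy/svc", "role": "retired"},    # dangling
]
APPROVED_SUPERUSER_IDENTITIES = frozenset({"spiffe://example.org/ops/alice"})

if __name__ == "__main__":
    print("5.0.6 fixed:", is_fixed("5.0.6"))
    for f in audit_identity_mappings(SAMPLE_MAPPINGS, SAMPLE_ROLES, APPROVED_SUPERUSER_IDENTITIES):
        print(f"{f.identity} -> {f.role}: {f.reason}")
```

On a live cluster, feed the two functions the rows returned by `SELECT identity, role FROM system_auth.identity_to_role` and `SELECT role, is_superuser FROM system_auth.roles` (assumed table names) and treat every finding as a mapping to review before and after upgrading.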

Affected Vendors

Apache

Affected Products (6)

Apache · Cassandra <4.1.11
Apache · Cassandra 4.1.11
Apache · Cassandra <5.0.7
Apache · Cassandra 5.0.7
Apache · Cassandra <4.0.20
Apache · Cassandra 4.0.20
