CVE-2025-26511

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-26511
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-26511.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-26511
Aliases
Published
2025-02-13T16:16:50Z
Modified
2025-02-14T02:55:09.129702Z
Summary
[none]
Details

Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin, versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability that, when successfully exploited, could allow authenticated Cassandra users to remotely bypass RBAC and escalate their privileges.

References

Affected packages

Git / github.com/instaclustr/cassandra-lucene-index

Affected ranges

Type
GIT
Repo
https://github.com/instaclustr/cassandra-lucene-index
Events

Affected versions

cassandra-4.*

cassandra-4.0-rc1-1.0.0
cassandra-4.0-rc1-1.0.1
cassandra-4.0-rc2-1.0.0
cassandra-4.0.0-1.0.0
cassandra-4.0.1-1.0.0
cassandra-4.0.10-1.0.0
cassandra-4.0.11-1.0.0
cassandra-4.0.12-1.0.0
cassandra-4.0.13-1.0.0
cassandra-4.0.16-1.0.0
cassandra-4.0.4-1.0.0
cassandra-4.0.8-1.0.0
cassandra-4.0.9-1.0.0
cassandra-4.1.2-1.0.0
cassandra-4.1.3-1.0.0
cassandra-4.1.3-1.0.1
cassandra-4.1.4-1.0.0
cassandra-4.1.5-1.0.0
cassandra-4.1.6-1.0.0
cassandra-4.1.8-1.0.0