GHSA-qffm-gf3j-6mvg

Source

https://github.com/advisories/GHSA-qffm-gf3j-6mvg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-qffm-gf3j-6mvg/GHSA-qffm-gf3j-6mvg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-qffm-gf3j-6mvg

Aliases

CVE-2026-32588

Published

2026-04-07T18:31:37Z

Modified

2026-04-08T19:57:11.705056Z

Severity

2.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator

Summary

Apache Cassandra has an authenticated DoS over CQL

Details

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue.

Database specific

{
    "nvd_published_at": "2026-04-07T17:16:28Z",
    "severity": "LOW",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-400"
    ],
    "github_reviewed_at": "2026-04-08T19:31:59Z"
}

References

Affected packages

Maven

org.apache.cassandra:cassandra-all

Package

Name: org.apache.cassandra:cassandra-all; View open source insights on deps.dev
Purl: pkg:maven/org.apache.cassandra/cassandra-all

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0

Fixed

4.0.20

Affected versions

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

4.0.11

4.0.12

4.0.13

4.0.14

4.0.15

4.0.16

4.0.17

4.0.18

4.0.19

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-qffm-gf3j-6mvg/GHSA-qffm-gf3j-6mvg.json"

org.apache.cassandra:cassandra-all

Package

Name: org.apache.cassandra:cassandra-all; View open source insights on deps.dev
Purl: pkg:maven/org.apache.cassandra/cassandra-all

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1

Fixed

4.1.11

Affected versions

4.*

4.1.0

4.1.1

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6

4.1.7

4.1.8

4.1.9

4.1.10

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-qffm-gf3j-6mvg/GHSA-qffm-gf3j-6mvg.json"

org.apache.cassandra:cassandra-all

Package

Name: org.apache.cassandra:cassandra-all; View open source insights on deps.dev
Purl: pkg:maven/org.apache.cassandra/cassandra-all

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0

Fixed

5.0.7

Affected versions

5.*

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-qffm-gf3j-6mvg/GHSA-qffm-gf3j-6mvg.json"