CVE-2026-32588

Severity CVSS v4.0:

Pending analysis

Type:

CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

Publication date:

07/04/2026

Last modified:

07/04/2026

Description

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes.<br /> Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue.

Impact

References to Advisories, Solutions, and Tools

https://lists.apache.org/thread/2tnwjdnss378glxrsmnlzz3k53ftphrc
http://www.openwall.com/lists/oss-security/2026/04/07/9