Apache Cassandra Authenticated Denial-of-Service Vulnerability via Password Changes

Vulnerability

A denial-of-service vulnerability has been identified in Apache Cassandra 4.0 (4.0.0 through 4.0.19), 4.1 (4.1.0 through 4.1.10), and 5.0 (5.0.0 through 5.0.6). Any user who can authenticate to the cluster can raise query latencies for other clients by repeatedly changing passwords, degrading service over the Cassandra Query Language (CQL) interface. Because the trigger is an ordinary, authenticated operation rather than a crafted packet, the attack leaves no malformed traffic to block at the network layer; the only durable fix is the upgrade described below.
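Since the advisory names repeated password changes as the trigger, a detection engineer will want to flag an authenticated user issuing them in bursts. The following is an added example, not code from the Cassandra project or from this advisory: it assumes Cassandra's file-based audit logging is enabled and writes pipe-separated `key:value` lines whose `type` field is `ALTER_ROLE` or `CREATE_ROLE` for role changes (the field names, the `node1` host, and every sample line below are constructed assumptions for illustration), and it counts password changes per acting user inside a sliding time window.

```python
"""Flag bursts of password changes in Cassandra-style audit-log lines.

Added example, not Cassandra project code. The line layout
(user:...|host:...|timestamp:<epoch ms>|type:...|operation:...) is assumed,
and SAMPLE_AUDIT_LOG is constructed for this demonstration.
"""
from collections import defaultdict, deque


def _line(user, ts_ms, typ, category, operation):
    """Build one constructed audit line in the assumed pipe-separated layout."""
    return (f"user:{user}|host:node1/10.0.0.1:7000|source:/10.0.0.50|port:41000"
            f"|timestamp:{ts_ms}|type:{typ}|category:{category}|operation:{operation}")


_PW_CHANGE = "ALTER ROLE app_user WITH PASSWORD = '*******';"

# Constructed sample: 'batchjob' changes a password six times in 25 s,
# 'alice' changes her own once, and two SELECTs are mixed in.
SAMPLE_AUDIT_LOG = [
    _line("alice", 1712000000000, "SELECT", "QUERY", "SELECT * FROM app.orders WHERE id = 1;"),
    *[_line("batchjob", 1712000001000 + 5000 * i, "ALTER_ROLE", "DCL", _PW_CHANGE) for i in range(6)],
    _line("alice", 1712000012000, "ALTER_ROLE", "DCL", "ALTER ROLE alice WITH PASSWORD = '*******';"),
    _line("bob", 1712000020000, "SELECT", "QUERY", "SELECT count(*) FROM app.orders;"),
]


def parse_audit_line(line):
    """Split 'k:v|k:v|...' into a dict; only the first ':' of each part separates key from value,
    so values such as 'node1/10.0.0.1:7000' survive intact."""
    fields = {}
    for part in line.strip().split("|"):
        key, sep, value = part.partition(":")
        if sep:
            fields[key] = value
    return fields


def is_password_change(entry):
    """True for role statements that set a password."""
    return (entry.get("type") in ("ALTER_ROLE", "CREATE_ROLE")
            and "PASSWORD" in entry.get("operation", "").upper())


def find_password_change_bursts(lines, threshold=5, window_seconds=60):
    """Return {user: peak count} for users who issued at least `threshold`
    password changes within any `window_seconds` span."""
    events = []
    for line in lines:
        entry = parse_audit_line(line)
        if not is_password_change(entry):
            continue
        try:
            ts = int(entry["timestamp"]) / 1000.0   # epoch milliseconds -> seconds
        except (KeyError, ValueError):
            continue                                  # malformed line: skip, never crash the detector
        events.append((ts, entry.get("user", "<unknown>")))
    events.sort()                                      # tolerate lines written out of order

    recent = defaultdict(deque)   # user -> timestamps still inside the current window
    alerts = {}
    for ts, user in events:
        window = recent[user]
        window.append(ts)
        while ts - window[0] > window_seconds:
            window.popleft()
        if len(window) >= threshold:
            alerts[user] = max(alerts.get(user, 0), len(window))
    return alerts


if __name__ == "__main__":
    for user, count in find_password_change_bursts(SAMPLE_AUDIT_LOG).items():
        print(f"ALERT: {user} issued {count} password changes inside 60 s")
```

The threshold and window are deliberately parameters: a legitimate credential-rotation job may issue a handful of changes per minute, so tune them against your own audit history before alerting, and treat the acting `user` rather than the target role as the subject, since that is the session generating the load.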

Impact

Successful exploitation increases query latencies over the CQL interface, a denial-of-service condition for other users of the affected cluster. No data disclosure or modification is described; the impact is availability.

Remediation

Users are advised to upgrade to Apache Cassandra 4.0.20, 4.1.11, or 5.0.7 (or a later release on the same branch); each of these releases addresses this vulnerability. Because exploitation requires valid credentials, nodes that cannot be upgraded immediately should at least have CQL credentials limited to trusted clients and password-change activity monitored until the upgrade is applied.
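To check a fleet against the fixed releases listed above, here is an added example, not code from the Cassandra project or this advisory: it parses the `ReleaseVersion:` line that `nodetool version` prints on each node (that output shape is assumed) and reports which nodes still run an affected release. The host names in the sample fleet are constructed.

```python
"""Triage Cassandra nodes against the fixed releases named in this advisory.

Added example, not Cassandra project code. It assumes `nodetool version`
prints a line of the form 'ReleaseVersion: 4.0.19'; the sample fleet
below is constructed for this demonstration.
"""
import re
import subprocess

# First patch release on each branch that the advisory lists as fixed.
FIRST_FIXED_PATCH = {(4, 0): 20, (4, 1): 11, (5, 0): 7}

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract the first x.y.z triple from text such as 'ReleaseVersion: 4.0.19'."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(group) for group in match.groups())


def assess(text):
    """Return 'vulnerable', 'fixed', or 'not-listed' (a branch the advisory does not name)."""
    major, minor, patch = parse_version(text)
    first_fixed = FIRST_FIXED_PATCH.get((major, minor))
    if first_fixed is None:
        return "not-listed"          # e.g. 3.x: outside the advisory's scope, check separately
    return "fixed" if patch >= first_fixed else "vulnerable"


def triage(node_outputs):
    """Map {host: nodetool-version-output} to ({host: status}, sorted hosts to upgrade)."""
    statuses = {host: assess(output) for host, output in node_outputs.items()}
    to_upgrade = sorted(host for host, status in statuses.items() if status == "vulnerable")
    return statuses, to_upgrade


def local_node_status():
    """Assess this host by running `nodetool version` (nodetool must be on PATH)."""
    output = subprocess.run(["nodetool", "version"], capture_output=True,
                            text=True, check=True).stdout
    return assess(output)


# Constructed fleet: the kind of map you would build by running nodetool on each host.
SAMPLE_FLEET = {
    "cass-a.example": "ReleaseVersion: 4.0.19\n",
    "cass-b.example": "ReleaseVersion: 4.0.20\n",
    "cass-c.example": "ReleaseVersion: 4.1.10\n",
    "cass-d.example": "ReleaseVersion: 5.0.6\n",
    "cass-e.example": "ReleaseVersion: 5.0.7\n",
    "cass-legacy.example": "ReleaseVersion: 3.11.17\n",
}


if __name__ == "__main__":
    statuses, to_upgrade = triage(SAMPLE_FLEET)
    for host, status in sorted(statuses.items()):
        print(f"{host:22} {status}")
    print("upgrade needed on:", ", ".join(to_upgrade) or "none")
```

Run the script against your own fleet by replacing `SAMPLE_FLEET` with the real `nodetool version` output per host; a `not-listed` result means the branch is outside this advisory's scope, not that the node is safe.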

Added: Apr 7, 2026, 7:41 PM
Updated: Apr 7, 2026, 7:41 PM

Vulnerability Rating

Custom Algorithm

category        score
spread          2.6
impact          2.5
exploitability  4.9
remediation     7.7
relevance       5.4
threat          0.0
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.