Skip to main content

Apache EUVDEUVD-2026-19761

| CVE-2026-27314 HIGH
Privilege Defined With Unsafe Actions (CWE-267)
2026-04-07 apache GHSA-qxpc-96fq-wwmg
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Apr 09, 2026 - 02:30 nvd
Patch available
EUVD ID Assigned
Apr 07, 2026 - 17:00 euvd
EUVD-2026-19761
Analysis Generated
Apr 07, 2026 - 17:00 vuln.today
CVE Published
Apr 07, 2026 - 16:33 nvd
HIGH 8.8

DescriptionCVE.org

Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY.

Users are recommended to upgrade to version 5.0.7+, which fixes this issue.

AnalysisAI

Apache Cassandra 5.0 through 5.0.6 in mTLS environments using MutualTlsAuthenticator allows authenticated users with only CREATE permission to escalate privileges to superuser via certificate identity manipulation through the ADD IDENTITY command. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, with SSVC indicating non-automatable exploitation but total technical impact. Apache released patch version 5.0.7+ addressing this privilege escalation flaw (CWE-267: Privilege Defined With Unsafe Actions).

Technical ContextAI

Apache Cassandra is a distributed NoSQL database system. This vulnerability affects deployments using mutual TLS (mTLS) authentication with the MutualTlsAuthenticator component, which binds X.509 certificate identities to database roles. The flaw (CWE-267: Privilege Defined With Unsafe Actions) stems from insufficient authorization checks in the ADD IDENTITY operation. The MutualTlsAuthenticator is designed to map client certificates to internal Cassandra roles for access control, but versions 5.0 through 5.0.6 fail to validate that users adding certificate identities have appropriate privileges. This allows an attacker with minimal CREATE permission to associate their certificate with any role, including SUPERUSER, effectively bypassing the entire role-based access control (RBAC) model in mTLS-enabled clusters. The vulnerability only manifests in environments where mTLS client authentication is configured, not in default username/password authentication setups.

RemediationAI

Upgrade immediately to Apache Cassandra version 5.0.7 or later, which contains fixes for the privilege escalation vulnerability. Organizations should prioritize patching for production clusters using mTLS authentication with MutualTlsAuthenticator, as this is the only affected configuration. During upgrade planning, audit existing certificate-to-role mappings to identify any unauthorized privilege associations created through exploitation of this vulnerability. If immediate patching is not feasible, temporary risk reduction can be achieved by restricting CREATE permission grants to only highly trusted users in mTLS environments, though this is not a complete mitigation. Review access logs for suspicious ADD IDENTITY operations, particularly those associating certificates with superuser or other high-privilege roles. Consult the official Apache Cassandra security advisory at https://lists.apache.org/thread/zrng82ddy4rpsmfyk582v6hqxcqrbz7f for detailed upgrade instructions and additional security guidance. No workarounds fully address the vulnerability; patching to 5.0.7+ is the definitive remediation.

Share

EUVD-2026-19761 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy