CVE-2026-32588
Received
Received - Intake
Authenticated DoS via CQL in Apache Cassandra 4.x Causes Latency
Publication date: 2026-04-07
Last updated on: 2026-04-15
Assigner: Apache Software Foundation
Description
An authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, and 5.0 allows an authenticated user to raise query latencies via repeated password changes.
Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | cassandra | From 4.0.0 (inc) to 4.0.20 (exc) |
| apache | cassandra | From 4.1.0 (inc) to 4.1.11 (exc) |
| apache | cassandra | From 5.0.0 (inc) to 5.0.7 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |