CVE-2026-47784
Status: Undergoing Analysis - In Progress
Memcached SASL Password Timing Side Channel Vulnerability

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: MITRE

Description
In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.
Meta Information
Published: 2026-05-20
Last Modified: 2026-05-20
Generated: 2026-05-20
AI Q&A: 2026-05-20
EPSS Evaluated: N/A
External references: NVD, EUVD
Affected Vendors & Products
Showing 1 associated CPE
Vendor: memcached
Product: memcached
Version / Range: up to 1.6.42 (exclusive), i.e. all versions before 1.6.42
CWE: CWE-208 - Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in memcached versions before 1.6.42. It involves a timing side channel in the password data handling for SASL password database authentication. Specifically, the function sasl_server_userdb_checkpass uses memcmp to compare passwords, which can leak information through timing differences.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

CVE-2026-47784 is a timing side-channel vulnerability in memcached's SASL password database authentication that could leak password bytes through timing analysis.

Such a vulnerability could potentially lead to unauthorized access if exploited, which in turn may result in exposure of sensitive data.

Exposure or compromise of sensitive authentication credentials can impact compliance with data protection regulations like GDPR and HIPAA, which require adequate protection of personal and health information.

Therefore, failure to address this vulnerability could increase the risk of non-compliance with these standards due to insufficient protection of authentication mechanisms.

Upgrading to memcached version 1.6.42, which fixes this timing side-channel, is strongly recommended to mitigate these risks.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves a timing side-channel in the SASL password database authentication of memcached before version 1.6.42. Detection typically requires monitoring for unusual timing patterns during authentication attempts, which may indicate attempts to exploit the timing differences in password checks.

Since the vulnerability is related to timing differences in password comparison, direct detection via simple commands is challenging. However, you can check the memcached version running on your system to determine if it is vulnerable.

  • Run the command: memcached -h or memcached --version to check the installed version.
  • If the version is earlier than 1.6.42, your system is vulnerable.

For network detection, monitoring authentication attempts for unusual timing patterns would require specialized timing analysis tools or custom scripts, which are not detailed in the provided resources.


What immediate steps should I take to mitigate this vulnerability?

The primary and immediate mitigation step is to upgrade memcached to version 1.6.42 or later, as this release includes fixes that address the timing side-channel vulnerability in SASL password database authentication.

The update replaces the vulnerable password comparison method with a constant-time comparison function and removes early loop breaks that caused timing differences, effectively preventing timing-based attacks.

Until you can upgrade, consider restricting access to memcached authentication interfaces to trusted networks or hosts to reduce the risk of exploitation.
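The answer above describes the fix as swapping the memcmp-based password comparison for a constant-time one and removing early loop exits. The following C program is an added illustration of that pattern and is not memcached's code: it pairs a memcmp-style check (the CWE-208 shape, whose running time depends on how many leading bytes match) with a constant-time check that visits every byte of the client-supplied password and folds mismatches with OR. The user/password table, the function names and the lookup routine are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample "password database" (user -> plaintext password).
 * Hypothetical data for illustration only. */
struct userdb_entry { const char *user; const char *pass; };
static const struct userdb_entry USERDB[] = {
    { "app",     "s3cret-pass" },
    { "monitor", "r0-only"     },
};

/* Vulnerable pattern (CWE-208): memcmp is allowed to stop at the first
 * mismatching byte, so the time taken depends on how many leading bytes
 * of the guess agree with the stored password. */
int checkpass_memcmp(const char *stored, const char *given) {
    size_t n = strlen(stored);
    if (n != strlen(given)) return 0;
    return memcmp(stored, given, n) == 0;
}

/* Hardened pattern: touch every byte of the client-supplied string and
 * accumulate differences with OR, never leaving the loop early. The loop
 * length depends only on given_len, which the client already knows. */
int checkpass_constant_time(const char *stored, const char *given) {
    size_t stored_len = strlen(stored);
    size_t given_len  = strlen(given);
    const unsigned char *s = (const unsigned char *)stored;
    const unsigned char *g = (const unsigned char *)given;
    volatile unsigned char diff = 0;

    if (stored_len != given_len) {
        /* Lengths differ: still run the full loop over given_len, comparing
         * the input with itself so the work done does not depend on the
         * stored secret, and force the result to "mismatch". */
        s = g;
        diff = 1;
    }
    for (size_t i = 0; i < given_len; i++) {
        diff |= (unsigned char)(s[i] ^ g[i]);
    }
    return diff == 0;
}

/* Look up the user and verify the password with the constant-time check.
 * Returns 1 on success, 0 for an unknown user or a wrong password. */
int userdb_checkpass(const char *user, const char *given) {
    for (size_t i = 0; i < sizeof(USERDB) / sizeof(USERDB[0]); i++) {
        if (strcmp(USERDB[i].user, user) == 0) {
            return checkpass_constant_time(USERDB[i].pass, given);
        }
    }
    return 0;
}

int main(void) {
    printf("correct password: %d\n", userdb_checkpass("app", "s3cret-pass"));
    printf("one byte wrong:   %d\n", userdb_checkpass("app", "s3cret-pasS"));
    printf("unknown user:     %d\n", userdb_checkpass("nobody", "x"));
    return 0;
}
```

The `volatile` accumulator discourages the compiler from re-introducing an early exit, but it is not a guarantee; production code should prefer a vetted routine such as OpenSSL's `CRYPTO_memcmp` or libsodium's `sodium_memcmp`, or compare fixed-length digests of the secrets rather than the raw strings. The username lookup in this example still uses `strcmp`, which is a separate concern from the password comparison the advisory is about.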


How can this vulnerability impact me?

An attacker could exploit the timing side channel to gain information about passwords used in SASL authentication. This could lead to unauthorized access, compromising confidentiality, integrity, and availability of the system.

