CVE-2026-47784
Analyzed Analyzed - Analysis Complete
Memcached SASL Password Timing Side Channel Vulnerability

Publication date: 2026-05-20

Last updated on: 2026-05-21

Assigner: MITRE

Description
In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-20
Last Modified
2026-05-21
Generated
2026-06-10
AI Q&A
2026-05-20
EPSS Evaluated
2026-06-08
NVD
CVE-2026-47784
EUVD
EUVD-2026-31069
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
memcached memcached to 1.6.42 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-208 Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in memcached versions before 1.6.42. It involves a timing side channel in the password data handling for SASL password database authentication. Specifically, the function sasl_server_userdb_checkpass uses memcmp to compare passwords, which can leak information through timing differences.

Impact Analysis

An attacker could exploit the timing side channel to gain information about passwords used in SASL authentication. This could lead to unauthorized access, compromising confidentiality, integrity, and availability of the system.

Compliance Impact

CVE-2026-47784 is a timing side-channel vulnerability in memcached's SASL password database authentication that could leak password bytes through timing analysis.

Such a vulnerability could potentially lead to unauthorized access if exploited, which in turn may result in exposure of sensitive data.

Exposure or compromise of sensitive authentication credentials can impact compliance with data protection regulations like GDPR and HIPAA, which require adequate protection of personal and health information.

Therefore, failure to address this vulnerability could increase the risk of non-compliance with these standards due to insufficient protection of authentication mechanisms.

Upgrading to memcached version 1.6.42, which fixes this timing side-channel, is strongly recommended to mitigate these risks.

Detection Guidance

This vulnerability involves a timing side-channel in the SASL password database authentication of memcached before version 1.6.42. Detection typically requires monitoring for unusual timing patterns during authentication attempts, which may indicate attempts to exploit the timing differences in password checks.

Since the vulnerability is related to timing differences in password comparison, direct detection via simple commands is challenging. However, you can check the memcached version running on your system to determine if it is vulnerable.

  • Run the command: memcached -h or memcached --version to check the installed version.
  • If the version is earlier than 1.6.42, your system is vulnerable.

For network detection, monitoring authentication attempts for unusual timing patterns would require specialized timing analysis tools or custom scripts, which are not detailed in the provided resources.

Mitigation Strategies

The primary and immediate mitigation step is to upgrade memcached to version 1.6.42 or later, as this release includes fixes that address the timing side-channel vulnerability in SASL password database authentication.

The update replaces the vulnerable password comparison method with a constant-time comparison function and removes early loop breaks that caused timing differences, effectively preventing timing-based attacks.

Until you can upgrade, consider restricting access to memcached authentication interfaces to trusted networks or hosts to reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-47784. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart