CVE-2026-14254
Received Received - Intake

Race Condition Bypasses Account Lockout in Delphix Continuous Data

Vulnerability report for CVE-2026-14254, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: Perforce

Description

A race condition in the account lockout mechanism in Delphix Continous Data allowed the lockout threshold to be bypassed through concurrent authentication requests. Parallel login attempts were processed before the failed-login counter and lockout status were updated, defeating brute-force protections and enabling continued password guessing against a targeted account.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
delphix continuous_data *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-307 The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a race condition in Delphix Continuous Data's account lockout mechanism. It allows attackers to bypass the lockout threshold by sending multiple concurrent authentication requests. The system fails to update the failed-login counter and lockout status in time, letting brute-force attacks continue against a targeted account.

Detection Guidance

This vulnerability involves a race condition in Delphix Continuous Data's account lockout mechanism. Detection would require monitoring authentication logs for unusual parallel login attempts against the same account, especially where failed attempts exceed the lockout threshold without triggering a lockout. Check for multiple rapid authentication requests from the same or different sources targeting a single account.

Impact Analysis

Attackers could exploit this to repeatedly guess passwords against your account without being locked out. This increases the risk of unauthorized access, data breaches, or further compromise of your systems if the account has elevated privileges.

Compliance Impact

This vulnerability could undermine compliance with GDPR and HIPAA by weakening account lockout mechanisms, which are critical for protecting sensitive data. GDPR requires strong authentication controls to prevent unauthorized access, while HIPAA mandates safeguards against brute-force attacks. The race condition allows bypassing these protections, potentially enabling unauthorized access to personal or health data.

Mitigation Strategies

Apply the latest security patches or updates from Delphix for Continuous Data to fix the race condition in the account lockout mechanism. Ensure concurrent authentication requests are properly synchronized to prevent bypassing lockout thresholds.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-14254. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart