CVE-2026-62764
Received
Received - Intake
Denial of Service in Apache Accumulo via Command Injection
Vulnerability report for CVE-2026-62764, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-17
Last updated on: 2026-07-17
Assigner: Apache Software Foundation
Description
Description
Improper Handling of Insufficient Privileges vulnerability in Apache Accumulo.
An authenticated, but low-privileged user without system permissions may
issue a remote command to gracefully shutdown system components
(compaction-coordinator, compactor, gc, manager, monitor, tserver, or sserver),
leading to a denial of service.
This issue affects Apache Accumulo 2.1.4 and 2.1.5.
Users are recommended to upgrade to version 2.1.6, which fixes the issue.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | accumulo | From 2.1.4 (inc) to 2.1.5 (inc) |
| apache | accumulo | 2.1.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-274 | The product does not handle or incorrectly handles when it has insufficient privileges to perform an operation, leading to resultant weaknesses. |