Denial of Service Vulnerability in Apache Cassandra
CVE-2026-32588

Currently unrated

Key Information:

Vendor: Apache

CVE Published: 7 April 2026

What is CVE-2026-32588?

An authenticated denial-of-service vulnerability exists in Apache Cassandra versions 4.0, 4.1, and 5.0. A user with authenticated access can increase query latencies by repeatedly changing their password, which can lead to significant performance degradation and potential service outages. Users are advised to upgrade to version 4.0.20, 4.1.11, or 5.0.7 to mitigate the impact of this vulnerability.
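Until the upgrade is rolled out, repeated password changes by one account can be watched for in the audit log. The following is an added example, not code from the advisory or from the Cassandra project: it assumes audit logging is enabled and written in the pipe-delimited `key:value` layout with password changes recorded as `ALTER_ROLE` entries; the function names, the window and threshold values, and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque

PASSWORD_RE = re.compile(r"\bPASSWORD\b", re.IGNORECASE)

def parse_line(line):
    """Split one audit line into fields; 'operation' is last and may contain '|'."""
    head, _, operation = line.rstrip("\n").partition("|operation:")
    fields = {"operation": operation}
    for part in head.split("|"):
        key, sep, value = part.partition(":")
        if sep:
            fields[key] = value
    return fields

def find_password_churn(lines, window_ms=60_000, threshold=5):
    """Return {user: peak count} for users with >= threshold password changes
    inside any window_ms span. Assumes each user's lines are in time order."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        f = parse_line(line)
        if f.get("type") != "ALTER_ROLE" or not PASSWORD_RE.search(f["operation"]):
            continue
        try:
            ts = int(f["timestamp"])
        except (KeyError, ValueError):
            continue  # malformed line: skip it
        user = f.get("user", "<unknown>")
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window_ms:  # evict events older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[user] = max(flagged.get(user, 0), len(q))
    return flagged

def _line(user, ts, typ, cat, op):
    # Builds a constructed sample line (not real log data).
    return (f"user:{user}|host:10.0.0.5:7000|source:/10.0.0.21|port:40112|"
            f"timestamp:{ts}|type:{typ}|category:{cat}|operation:{op}")

T0 = 1775550000000  # constructed epoch-millisecond base
SAMPLE = [_line("svc_batch", T0 + i * 2000, "ALTER_ROLE", "DCL",
                "ALTER ROLE svc_batch WITH PASSWORD = '*******'") for i in range(6)]
SAMPLE.append(_line("alice", T0 + 3000, "ALTER_ROLE", "DCL",
                    "ALTER ROLE alice WITH PASSWORD = '*******'"))
SAMPLE.append(_line("svc_batch", T0 + 4000, "SELECT", "QUERY",
                    "SELECT * FROM ks.t WHERE note = 'a|b'"))

if __name__ == "__main__":
    print(find_password_churn(SAMPLE))
```

Tune the window and threshold to the password-rotation behaviour that is normal in the cluster, so that a single legitimate change is never flagged.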

Affected Version(s)

Apache Cassandra 4.0 <= 4.0.19

Apache Cassandra 4.1 <= 4.1.10

Apache Cassandra 5.0 <= 5.0.6

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Youlong Chen, Institute of Computing Technology, Chinese Academy of Sciences.