{"api_version":"1","generated_at":"2026-04-07T19:52:19+00:00","cve":"CVE-2026-32588","urls":{"html":"https://cve.report/CVE-2026-32588","api":"https://cve.report/api/cve/CVE-2026-32588.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-32588","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-32588"},"summary":{"title":"Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing","description":"Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes.\nUsers are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue.","state":"PUBLISHED","assigner":"apache","published_at":"2026-04-07 17:16:28","updated_at":"2026-04-07 18:16:41"},"problem_types":["CWE-400","CWE-400 CWE-400 Uncontrolled Resource Consumption"],"metrics":[],"references":[{"url":"https://lists.apache.org/thread/2tnwjdnss378glxrsmnlzz3k53ftphrc","name":"https://lists.apache.org/thread/2tnwjdnss378glxrsmnlzz3k53ftphrc","refsource":"security@apache.org","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2026/04/07/9","name":"http://www.openwall.com/lists/oss-security/2026/04/07/9","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-32588","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32588","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Apache Software Foundation","product":"Apache Cassandra","version":"affected 4.0 4.0.19 semver","platforms":[]},{"source":"CNA","vendor":"Apache Software Foundation","product":"Apache Cassandra","version":"affected 4.1 4.1.10 semver","platforms":[]},{"source":"CNA","vendor":"Apache Software Foundation","product":"Apache Cassandra","version":"affected 5.0 5.0.6 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Youlong Chen, Institute of Computing Technology, Chinese Academy of Sciences","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2026-04-07T17:26:02.509Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"http://www.openwall.com/lists/oss-security/2026/04/07/9"}],"title":"CVE Program Container"}],"cna":{"affected":[{"collectionURL":"https://repo.maven.apache.org/maven2/","defaultStatus":"unaffected","packageName":"org.apache.cassandra:cassandra-all","product":"Apache Cassandra","vendor":"Apache Software Foundation","versions":[{"lessThanOrEqual":"4.0.19","status":"affected","version":"4.0","versionType":"semver"},{"lessThanOrEqual":"4.1.10","status":"affected","version":"4.1","versionType":"semver"},{"lessThanOrEqual":"5.0.6","status":"affected","version":"5.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"reporter","value":"Youlong Chen, Institute of Computing Technology, Chinese Academy of Sciences"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes.<br>Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue."}],"value":"Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes.\nUsers are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue."}],"metrics":[{"other":{"content":{"text":"low"},"type":"Textual description of severity"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-400","description":"CWE-400 Uncontrolled Resource Consumption","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-07T16:42:52.361Z","orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache"},"references":[{"tags":["vendor-advisory"],"url":"https://lists.apache.org/thread/2tnwjdnss378glxrsmnlzz3k53ftphrc"}],"source":{"advisory":"CASSANDRA-21202","discovery":"EXTERNAL"},"title":"Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","cveId":"CVE-2026-32588","datePublished":"2026-04-07T16:42:52.361Z","dateReserved":"2026-03-12T13:36:03.338Z","dateUpdated":"2026-04-07T17:26:02.509Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-07 17:16:28","lastModifiedDate":"2026-04-07 18:16:41","problem_types":["CWE-400","CWE-400 CWE-400 Uncontrolled Resource Consumption"],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"32588","Ordinal":"1","Title":"Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hash","CVE":"CVE-2026-32588","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"32588","Ordinal":"1","NoteData":"Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes.\nUsers are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue.","Type":"Description","Title":"Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hash"}]}}}