Known Vulnerabilities for Cassandra by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Cassandra" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-35588 json | Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glance... | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2026-32588 json | Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated ... | Not Provided | 2026-04-07 | 2026-04-09 |
| CVE-2026-27315 json | Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from prev... | Not Provided | 2026-04-07 | 2026-04-09 |
| CVE-2026-27314 json | Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CR... | Not Provided | 2026-04-07 | 2026-04-08 |
| CVE-2023-30601 json | Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running A... | 7.8 - HIGH | 2023-05-30 | 2023-06-05 |
| CVE-2021-44521 json | When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defi... | 9.1 - CRITICAL | 2022-02-11 | 2022-08-09 |
| CVE-2020-17516 json | Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' ... | 7.5 - HIGH | 2021-02-03 | 2023-11-07 |
| CVE-2020-13946 json | In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker ... | 5.9 - MEDIUM | 2020-09-01 | 2023-11-07 |
| CVE-2019-2684 json | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are a... | 5.9 - MEDIUM | 2019-04-23 | 2023-11-07 |
| CVE-2018-8016 json | The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network in... | 9.8 - CRITICAL | 2018-06-28 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Cassandra | 4.0.0 | |||
| Application | Apache | Cassandra | 4.0.0 | |||
| Application | Apache | Cassandra | 4.0.0 | |||
| Application | Apache | Cassandra | 4.0.0 | |||
| Application | Apache | Cassandra | 4.0.0 | |||
| Application | Apache | Cassandra | 4.0.0 | |||
| Application | Apache | Cassandra | 3.9 | |||
| Application | Apache | Cassandra | 3.8 | |||
| Application | Apache | Cassandra | 3.7 | |||
| Application | Apache | Cassandra | 3.6 | |||
| Application | Apache | Cassandra | 3.5 | |||
| Application | Apache | Cassandra | 3.4 | |||
| Application | Apache | Cassandra | 3.3 | |||
| Application | Apache | Cassandra | 3.2.1 | |||
| Application | Apache | Cassandra | 3.2 | |||
| Application | Apache | Cassandra | 3.11.9 | |||
| Application | Apache | Cassandra | 3.11.8 | |||
| Application | Apache | Cassandra | 3.11.7 | |||
| Application | Apache | Cassandra | 3.11.6 | |||
| Application | Apache | Cassandra | 3.11.5 |