Known Vulnerabilities for Cassandra by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Cassandra" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40974 json | Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cass... | Not Provided | 2026-04-28 | 2026-04-28 |
| CVE-2026-35588 json | Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glance... | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2026-33844 json | Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a... | Not Provided | 2026-05-07 | 2026-05-07 |
| CVE-2026-33109 json | Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a n... | Not Provided | 2026-05-07 | 2026-05-08 |
| CVE-2026-32588 json | Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated ... | Not Provided | 2026-04-07 | 2026-04-09 |
| CVE-2026-27315 json | Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from prev... | Not Provided | 2026-04-07 | 2026-04-09 |
| CVE-2026-27314 json | Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CR... | Not Provided | 2026-04-07 | 2026-04-08 |
| CVE-2023-30601 json | Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running A... | 7.8 - HIGH | 2023-05-30 | 2023-06-05 |
| CVE-2021-44521 json | When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defi... | 9.1 - CRITICAL | 2022-02-11 | 2022-08-09 |
| CVE-2020-17516 json | Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' ... | 7.5 - HIGH | 2021-02-03 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Cassandra | 4.0.0 | |||
| Application | Apache | Cassandra | 4.0.0 | |||
| Application | Apache | Cassandra | 4.0.0 | |||
| Application | Apache | Cassandra | 4.0.0 | |||
| Application | Apache | Cassandra | 4.0.0 | |||
| Application | Apache | Cassandra | 4.0.0 | |||
| Application | Apache | Cassandra | 3.9 | |||
| Application | Apache | Cassandra | 3.8 | |||
| Application | Apache | Cassandra | 3.7 | |||
| Application | Apache | Cassandra | 3.6 | |||
| Application | Apache | Cassandra | 3.5 | |||
| Application | Apache | Cassandra | 3.4 | |||
| Application | Apache | Cassandra | 3.3 | |||
| Application | Apache | Cassandra | 3.2.1 | |||
| Application | Apache | Cassandra | 3.2 | |||
| Application | Apache | Cassandra | 3.11.9 | |||
| Application | Apache | Cassandra | 3.11.8 | |||
| Application | Apache | Cassandra | 3.11.7 | |||
| Application | Apache | Cassandra | 3.11.6 | |||
| Application | Apache | Cassandra | 3.11.5 |