com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.0 (=3.1.3), com.instaclustr:cassandra-4 (=1.0) +28 more potentially affected by CVE-2026-32588 via org.apache.cassandra:cassandra-all (>=4.0-alpha3 <=4.0.2)

org.apache.cassandra:cassandra-all MAVEN version =4.0-alpha3, =1.0.2, =1.1, =1.0.0, =1.0.0, =1.1.1 - com.instaclustr:ttl-remover-cassandra-4.0.0 =1.0 - com.netflix.priam:priam =4.0.0-alpha9 - com.netflix.priam:priam-cass-extensions =4.0.0-alpha9 - com.netflix.priam:priam-dse-extensions...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.0 (=3.1.3), com.instaclustr:cassandra-4 (=1.0) +28 more potentially affected by CVE-2026-32588 via org.apache.cassandra:cassandra-all (>=4.0-alpha3 <=4.0.2)

org.apache.cassandra:cassandra-all MAVEN version =4.0-alpha3, =1.0.2, =1.1, =1.0.0, =1.0.0, =1.1.1 - com.instaclustr:ttl-remover-cassandra-4.0.0 =1.0 - com.netflix.priam:priam =4.0.0-alpha9 - com.netflix.priam:priam-cass-extensions =4.0.0-alpha9 - com.netflix.priam:priam-dse-extensions...

GHSA-QXPC-96FQ-WWMG Apache Cassandra is vulnerable to privilege escalation in an mTLS environment using MutualTlsAuthenticator

Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY. Users are...

PT-2026-30916

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue...

EUVD-2025-25767

Malicious code in bioql PyPI...

EUVD-2023-2100

Malicious code in bioql PyPI...

EUVD-2022-2477

Malicious code in bioql PyPI...

BIT-CASSANDRA-2024-27137 Apache Cassandra: unrestricted deserialization of JMX authentication credentials

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...

CVE-2025-26511 Cassandra-Lucene-Index allows bypass of Cassandra RBAC

Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow...

Man-In-The-Middle (MITM)

org.apache.cassandra:cassandra-all is vulnerable to a Man-In-The-Middle attack. The vulnerability is due to improper RMI registry protections due to the ability of a local attacker to manipulate the RMI registry, allowing them to capture JMX interface credentials and perform unauthorized operatio...

Privilege Defined With Unsafe Actions

Overview org.apache.cassandra:cassandra-all is a maven plugin for the Apache Cassandra Project. Which, develops a highly scalable second-generation distributed database, bringing together Dynamo's fully distributed design and Bigtable's ColumnFamily-based data model. Affected versions of this...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.1 (>=3.0.0 <=3.1.0), com.instaclustr:cassandra-ldap-4.1.0 (=1.0.0) +20 more potentially affected by CVE-2025-23015 via org.apache.cassandra:cassandra-all (>=4.1.0 <=4.1.6)

org.apache.cassandra:cassandra-all MAVEN version =4.1.0, =3.0.0, =4.1.0, =4.1.0, =4.1.0, =2.1.0-ALPHA-8, =0.13.0, =2.6.0, =2.10.0, =2.17.0 and more Source cves: CVE-2025-23015 Source advisory: OSV:GHSA-WMCC-9VCH-JMX4...

com.baidu.hugegraph:hugegraph-cassandra (>=0.7.4 <=0.11.2), com.baidu.hugegraph:hugegraph-dist (>=0.7.4 <=0.11.2) +97 more potentially affected by CVE-2025-23015 via org.apache.cassandra:cassandra-all (>=3.10 <=3.11.17)

org.apache.cassandra:cassandra-all MAVEN version =3.10, =0.7.4, =0.7.4, =0.7.4, =0.7.4, =0.7.4, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =6.5.13, =6.5.13, =6.5.248 and more Source cves: CVE-2025-23015 Source advisory:...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c5.0 (>=3.1.0 <=3.1.1) potentially affected by CVE-2025-23015 +1 more via org.apache.cassandra:cassandra-all (>=5.0.0 <=5.0.2)

org.apache.cassandra:cassandra-all MAVEN version =5.0.0, =3.1.0, =3.1.1 Source cves: CVE-2025-23015, CVE-2025-26467 Source advisory: SNYK:JAVA-ORGAPACHECASSANDRA-8688120...

com.instaclustr:cassandra-4 (=1.0), com.instaclustr:cassandra-kerberos-4 (=1.0.0) +24 more potentially affected by CVE-2025-24860 via org.apache.cassandra:cassandra-all (>=4.0-alpha3 <=4.0.13)

org.apache.cassandra:cassandra-all MAVEN version =4.0-alpha3, =1.0.2, =1.1, =1.0.0, =1.0.0, =4.4.0.0, =4.4.0.1 and more Source cves: CVE-2025-24860 Source advisory: OSV:GHSA-3CJF-FWCQ-XH22...

Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

ai.grakn:grakn (>=0.13.0 <=0.14.0), ai.grakn:grakn-client (>=0.13.0 <=0.14.0) +374 more potentially affected by CVE-2025-23015 via org.apache.cassandra:cassandra-all (>=0.7.0-rc4 <=3.0.3)

org.apache.cassandra:cassandra-all MAVEN version =0.7.0-rc4, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.7.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.13.0, =0.10.0, =0.13.0, =0.15.0, =0.6.1, =0.10.0 and more Source cves: CVE-2025-23015 Source advisory: OSV:GHSA-WMCC-9VCH-JMX4...

com.ericsson.bss.cassandra.ecaudit:ecaudit_c4.1 (>=3.0.0 <=3.1.0), com.instaclustr:cassandra-ldap-4.1.0 (=1.0.0) +20 more potentially affected by CVE-2024-27137 via org.apache.cassandra:cassandra-all (>=4.1.0 <=4.1.6)

org.apache.cassandra:cassandra-all MAVEN version =4.1.0, =3.0.0, =4.1.0, =4.1.0, =4.1.0, =2.1.0-ALPHA-8, =0.13.0, =2.6.0, =2.10.0, =2.17.0 and more Source cves: CVE-2024-27137 Source advisory: OSV:GHSA-RGFX-7P65-3FF4...

AZL-56446 CVE-2024-27137 affecting package cassandra 4.0.10-1

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...

CVE-2024-27137

CVE-2024-27137 technical details are not publicly available in the provided connected documents. Monitor for updates from vendor advisories to confirm affected versions, impact, and fixes.