CVE-2026-27314

Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY. Users are...

Apache Cassandra is vulnerable to privilege escalation in an mTLS environment using MutualTlsAuthenticator

Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY. Users are...

Improper Control of Interaction Frequency

Overview org.apache.cassandra:cassandra-all is a maven plugin for the Apache Cassandra Project. Which, develops a highly scalable second-generation distributed database, bringing together Dynamo's fully distributed design and Bigtable's ColumnFamily-based data model. Affected versions of this...

Privilege Defined With Unsafe Actions

Overview org.apache.cassandra:cassandra-all is a maven plugin for the Apache Cassandra Project. Which, develops a highly scalable second-generation distributed database, bringing together Dynamo's fully distributed design and Bigtable's ColumnFamily-based data model. Affected versions of this...

CVE-2026-32588

The CVE affects Apache Cassandra (versions 4.0, 4.1, 5.0). A vulnerability in the Cassandra Query Language (CQL) path allows an authenticated user to repeatedly change passwords (ALTER ROLE) and trigger expensive authentication-table reads/writes, causing increased query latency and potential Den...

CVE-2026-27314

Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY. Users are...

PT-2024-6225

Name of the Vulnerable Software and Affected Versions: Django versions 4.2 through 4.2.13 Django versions 5.0 through 5.0.6 Description: The issue is related to a potential denial of service attack via certain inputs with a very large number of brackets in the urlize and urlizetrunc functions. Th...

PT-2020-18365 · Symfony · Symfony Security Http

Name of the Vulnerable Software and Affected Versions: symfony/security-http versions 4.4.0 through 4.4.6 symfony/security-http versions 5.0.0 through 5.0.6 Description: The issue arises when a Firewall checks access control rules using the unanimous strategy. In affected versions, the Firewall...