Cassandra

This hub aggregates every CVE we track for Cassandra, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.

Databaseson-premdatabase

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

MEDIUM15HIGH12CRITICAL3LOW1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Cassandra.

CVE-2026-32588Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing6.5Apr 7, 2026
CVE-2026-27315Apache Cassandra: cqlsh history sensitive information leak5.5Apr 7, 2026
CVE-2026-27314Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass8.8Apr 7, 2026
CVE-2025-26467Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)8.8Aug 25, 2025
CVE-2024-27137Apache Cassandra: unrestricted deserialization of JMX authentication credentials5.3Feb 4, 2025
CVE-2025-24860Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions5.4Feb 4, 2025
CVE-2025-23015Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions8.8Feb 4, 2025
CVE-2023-34462netty-handler SniHandler 16MB allocation6.5Jun 22, 2023
CVE-2023-2976Use of temporary directory for file creation in `FileBackedOutputStream` in Guava5.5Jun 14, 2023
CVE-2023-30601Apache Cassandra: Privilege escalation when enabling FQL/Audit logs7.8May 30, 2023
CVE-2022-41881Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an...5.3Dec 12, 2022
CVE-2022-1471Remote Code execution in SnakeYAML8.3Dec 1, 2022
CVE-2022-41854Stack Overflow in Snakeyaml5.8Nov 11, 2022
CVE-2022-42003In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting...7.5Oct 2, 2022
CVE-2022-42004In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An applicat...7.5Oct 2, 2022

Product normalization is registry-driven with AI assist and human review. How it works