{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-32588","assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","state":"PUBLISHED","assignerShortName":"apache","dateReserved":"2026-03-12T13:36:03.338Z","datePublished":"2026-04-07T16:42:52.361Z","dateUpdated":"2026-04-09T14:43:57.808Z"},"containers":{"cna":{"affected":[{"collectionURL":"https://repo.maven.apache.org/maven2/","defaultStatus":"unaffected","packageName":"org.apache.cassandra:cassandra-all","product":"Apache Cassandra","vendor":"Apache Software Foundation","versions":[{"lessThanOrEqual":"4.0.19","status":"affected","version":"4.0","versionType":"semver"},{"lessThanOrEqual":"4.1.10","status":"affected","version":"4.1","versionType":"semver"},{"lessThanOrEqual":"5.0.6","status":"affected","version":"5.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"reporter","value":"Youlong Chen, Institute of Computing Technology, Chinese Academy of Sciences"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows an authenticated user to raise query latencies via repeated password changes.<br>Users are recommended to upgrade to version 4.0.20, 4.1.11, or 5.0.7, which fixes this issue."}],"value":"Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows an authenticated user to raise query latencies via repeated password changes.\nUsers are recommended to upgrade to version 4.0.20, 4.1.11, or 5.0.7, which fixes this issue."}],"metrics":[{"other":{"content":{"text":"low"},"type":"Textual description of severity"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-400","description":"CWE-400 Uncontrolled Resource Consumption","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache","dateUpdated":"2026-04-07T16:42:52.361Z"},"references":[{"tags":["vendor-advisory"],"url":"https://lists.apache.org/thread/2tnwjdnss378glxrsmnlzz3k53ftphrc"}],"source":{"advisory":"CASSANDRA-21202","discovery":"EXTERNAL"},"title":"Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"http://www.openwall.com/lists/oss-security/2026/04/07/9"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2026-04-07T17:26:02.509Z"}},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.5,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2026-04-09T14:43:30.429610Z","id":"CVE-2026-32588","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-09T14:43:57.808Z"}}]}}