Product: Apache Cassandra
16 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
| CVE | Affected versions | CVSS | Severity | Description |
|---|---|---|---|---|
| CVE-2026-32588 | >= 4.0.0 and < 4.0.20 | 6.5 | MEDIUM | Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated passw |
| CVE-2026-27315 | >= 4.0.0 and < 4.0.20 | 5.5 | MEDIUM | Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previousl |
| CVE-2026-27314 | >= 5.0.0 and < 5.0.7 | 8.8 | HIGH | Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE |
| CVE-2025-26467 | >= 3.0.0 and < 3.0.31 | 8.8 | HIGH | Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escal |
| CVE-2025-24860 | >= 4.0.0 and < 4.0.16 | 5.4 | MEDIUM | Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not |
| CVE-2024-27137 | >= 4.0.2 and < 4.0.15 | 5.3 | MEDIUM | In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to |
| CVE-2025-23015 | >= 3.0.0 and < 3.0.31 | 8.8 | HIGH | Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escal |
| CVE-2023-30601 | >= 4.0.0 and < 4.0.10 | 7.8 | HIGH | Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache |
| CVE-2021-44521 | >= 3.0.0 and < 3.0.26 | 9.1 | CRITICAL | When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_f |
| CVE-2020-17516 | >= 2.1.0 and <= 2.1.22 | 7.5 | HIGH | Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' inter |
| CVE-2020-13946 | < 2.1.22 | 5.9 | MEDIUM | In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker witho |
| CVE-2019-2684 | >= 2.1.0 and < 2.1.22 | 5.9 | MEDIUM | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affect |
| CVE-2018-8016 | >= 3.8 and <= 3.11.1 | 9.8 | CRITICAL | The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfa |
| CVE-2016-4970 | all versions | 7.5 | HIGH | handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a |
| CVE-2016-3427 | >= 2.1.0 and < 2.1.22 | 9.8 | CRITICAL | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attack |
| CVE-2015-0225 | all versions | | | The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthe |
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin