Privilege escalation in Apache Software Foundation Cassandra
CVE-2026-27314
Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and…
EPSS: 0.000 (11.3th percentile) — read the EPSS interpretation.
Affected products
- Apache Software Foundation Cassandra — versions 5.0
Weakness classification (CWE)
References
- lists.apache.org/thread/zrng82ddy4rpsmfyk582v6hqxcqrbz7f (vendor-advisory)