Information disclosure in Apache Software Foundation Cassandra
CVE-2026-27315
Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh commands via ~/.cassandra/cqlsh_history local file access. Users are recommended to upgrade…
EPSS: 0.000 (2.8th percentile)
Affected products
- Apache Software Foundation Cassandra — versions 4.0
Weakness classification (CWE)
References
- issues.apache.org/jira/browse/CASSANDRA-21180 (issue-tracking)
- lists.apache.org/thread/ft77zrk2mzt8qsch4g6jqjj4901d22k3 (vendor-advisory)