Changeflow GovPing Data Privacy & Cybersecurity Apache Cassandra Multiple Vulnerabilities - Pri...
Priority review Notice Added Final

Apache Cassandra Multiple Vulnerabilities - Privilege Escalation, Information Disclosure, DoS

Favicon for wid.cert-bund.de CERT-Bund Security Advisories
Published
Detected
Email

Summary

CERT-Bund issued a security advisory warning of multiple vulnerabilities in Apache Cassandra database systems with a CVSS Base Score of 8.8. The flaws affect versions prior to 4.1.11, 5.0.7, and 4.0.20 across Linux, Windows, and UNIX platforms. Attackers can exploit these vulnerabilities to achieve privilege escalation, disclose information, and execute denial-of-service attacks.

View original document View source feed page

What changed

CERT-Bund published a security advisory detailing multiple vulnerabilities in Apache Cassandra (CVE references implied) with a high CVSS score of 8.8. The affected versions include Apache Cassandra prior to 4.1.11, 5.0.7, and 4.0.20, running on Linux, Windows, UNIX, and other operating systems. The vulnerabilities enable remote attackers to escalate privileges, expose sensitive information, and execute denial-of-service attacks.

Organizations running Apache Cassandra databases should immediately identify affected installations and apply the available patches to upgrade to secure versions. Failure to remediate could result in unauthorized access to data, system compromise through privilege escalation, or service disruption from DoS attacks. Security teams should review access controls and monitor for suspicious activity while patches are being deployed.

What to do next

  1. Identify all Apache Cassandra installations in your environment
  2. Apply security patches to upgrade to version 4.1.11, 5.0.7, 4.0.20 or higher
  3. Monitor for indicators of compromise related to privilege escalation or data exfiltration

Archived snapshot

Apr 8, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

[WID-SEC-2026-1009] Apache Cassandra: Mehrere Schwachstellen CVSS Base Score 8.8 (hoch) CVSS Temporal Score 7.7 (hoch) Remoteangriff ja Datum 07.04.2026 Stand 08.04.2026 Mitigation ja

Betroffene Systeme

Betriebssystem

  • Linux
  • Sonstiges
  • UNIX
  • Windows

Produktbeschreibung

Cassandra ist ein einfaches, verteiltes Datenbankverwaltungssystem für sehr große strukturierte Datenbanken.

Produkte

07.04.2026
- Apache Cassandra <4.1.11

  • Apache Cassandra <5.0.7

  • Apache Cassandra <4.0.20

Angriff

Angriff

Ein Angreifer kann mehrere Schwachstellen in Apache Cassandra ausnutzen, um seine Privilegien zu erhöhen, um Informationen offenzulegen, und um einen Denial of Service Angriff durchzuführen. CVE Informationen Versionshistorie Feedback zum Advisory geben

Related changes

Favicon for wid.cert-bund.de OpenSSH Multiple Vulnerabilities - Remote Code Execution and Privilege Escalation
Urgent Apr 07, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Dell PowerScale OneFS Multiple Vulnerabilities, CVSS 6.6, Privilege Escalation
Priority review Apr 07, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Apache Traffic Server vulnerabilities allow DoS, request smuggling
Priority review Apr 07, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity

Get daily alerts for CERT-Bund Security Advisories

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for wid.cert-bund.de
CERT-Bund Security Advisories wid.cert-bund.de/content/public/securityAdvisory/rss
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.

What's AI-generated?

The plain-English summary, classification, and "what to do next" steps are AI-generated from the original text. Cite the source document, not the AI analysis.

Last updated

Press inquiries →

Classification

Agency
CERT-Bund
Published
April 7th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
WID-SEC-2026-1009

Who this affects

Applies to
Technology companies Government agencies
Industry sector
5112 Software & Technology
Activity scope
Database administration Security patching Vulnerability remediation
Geographic scope
Germany DE

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Privacy

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 292 Consumer Protection 44 Courts & Legal 360 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 20 Energy 101 Environment 85 Environmental Permits 1 Environmental Regulation 8 Government & Legislation 278 Healthcare 136 Housing 16 Immigration 9 Insurance 58 Labor & Employment 113 Legal 1 Legislative 1 Pharma & Drug Safety 104 Public Health 3 Securities & Markets 104 Securities Regulation 9 Tax 66 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get alerts for this source

We'll email you when CERT-Bund Security Advisories publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.