{"id":"CVE-2026-32588","summary":"Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing","details":"Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes.\nUsers are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue.","aliases":["GHSA-qffm-gf3j-6mvg"],"modified":"2026-05-18T05:59:55.572409681Z","published":"2026-04-07T16:42:52.361Z","database_specific":{"cwe_ids":["CWE-400"],"cna_assigner":"apache","unresolved_ranges":[{"extracted_events":[{"introduced":"4.0"},{"last_affected":"4.0.19"},{"introduced":"4.1"},{"last_affected":"4.1.10"},{"introduced":"5.0"},{"last_affected":"5.0.6"}],"source":"AFFECTED_FIELD"}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32588.json"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/04/07/9"},{"type":"WEB","url":"https://repo.maven.apache.org/maven2/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32588.json"},{"type":"ADVISORY","url":"https://lists.apache.org/thread/2tnwjdnss378glxrsmnlzz3k53ftphrc"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32588"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/cassandra","events":[{"introduced":"902b4d31772eaa84f05ffdc1e4f4b7a66d5b17e6"},{"fixed":"c48b9f011d938918c3e20dbd82e7f11bd9155193"},{"introduced":"f9e033f519c14596da4dc954875756a69aea4e78"},{"fixed":"3ec081578d7c16d3f9d79d223d117a1e97a8e9db"},{"introduced":"186272edca920c757b91bf95c2392bafa1a38d72"},{"fixed":"0269fd5665751e8a6d8eab852e0f66c142b10ee6"}],"database_specific":{"extracted_events":[{"introduced":"4.0.0"},{"fixed":"4.0.20"},{"introduced":"4.1.0"},{"fixed":"4.1.11"},{"introduced":"5.0.0"},{"fixed":"5.0.7"}],"cpe":"cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["cassandra-4.1.10","cassandra-4.1.9","cassandra-4.1.8","cassandra-4.1.7","cassandra-4.1.6","cassandra-4.1.5","cassandra-4.1.4","cassandra-4.1.3","cassandra-4.1.1","cassandra-4.1.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-32588.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}