CVE-2026-32588: Apache Cassandra has an authenticated DoS over CQL

April 7, 2026 (updated April 8, 2026)

Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue.

References

github.com/advisories/GHSA-qffm-gf3j-6mvg
lists.apache.org/thread/2tnwjdnss378glxrsmnlzz3k53ftphrc
nvd.nist.gov/vuln/detail/CVE-2026-32588

Code Behaviors & Features

Detect and mitigate CVE-2026-32588 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →