Home / Vulnerability Intelligence / CVE-2026-27314

CVE-2026-27314 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: April 7, 2026

Apache Cassandra - Privilege Escalation

Published: April 7, 2026Updated: April 7, 2026Remote Exploitable

Overview

Apache Cassandra 5.0 contains a privilege escalation caused by improper permission checks in MutualTlsAuthenticator in mTLS environments, letting users with CREATE permission associate arbitrary roles including superuser, exploit requires mTLS environment with MutualTlsAuthenticator.

Severity & Score

Severity: High

CVSS Score: 8.8

Impact

Users with limited permissions can escalate to superuser roles, gaining full administrative control.

Mitigation

Upgrade to version 5.0.7 or later.

References

https://lists.apache.org/thread/zrng82ddy4rpsmfyk582v6hqxcqrbz7f
http://www.openwall.com/lists/oss-security/2026/04/07/7

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-27314
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: new

CWE

CWE-267

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H