{
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09"
      },
      "title": "Authenticated DoS via ALTER ROLE Password Hashing",
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "cweId": "CWE-400",
              "type": "CWE"
            }
          ]
        }
      ],
      "source": {
        "advisory": "CASSANDRA-21202",
        "discovery": "EXTERNAL"
      },
      "affected": [
        {
          "vendor": "Apache Software Foundation",
          "product": "Apache Cassandra",
          "collectionURL": "https://repo.maven.apache.org/maven2/",
          "packageName": "org.apache.cassandra:cassandra-all",
          "versions": [
            {
              "status": "affected",
              "version": "4.0",
              "lessThanOrEqual": "4.0.19",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "4.1",
              "lessThanOrEqual": "4.1.10",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.0",
              "lessThanOrEqual": "5.0.6",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "6.0-alpha1",
              "versionType": "semver"
            }
          ],
          "defaultStatus": "unaffected"
        }
      ],
      "descriptions": [
        {
          "value": "Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes.\nUsers are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue.",
          "lang": "en",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes.<br>Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue."
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://lists.apache.org/thread/2tnwjdnss378glxrsmnlzz3k53ftphrc",
          "tags": [
            "vendor-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "other": {
            "type": "Textual description of severity",
            "content": {
              "text": "low"
            }
          }
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Youlong Chen, Institute of Computing Technology, Chinese Academy of Sciences",
          "type": "reporter"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "cveId": "CVE-2026-32588",
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "serial": 1,
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}