pkg:Maven/org.apache.cassandra:cassandra-all

12 total CVEs: CRITICAL 2, HIGH 5, MEDIUM 4

All known vulnerabilities

  • CRITICAL 9.8 | CVE-2018-8016 | Missing Authentication for Critical Function in Apache Cassandra
    >= 3.8, < 3.11.2
  • CRITICAL 9.1 | CVE-2021-44521 | Remote code execution for scripted UDFs
    from 0, < 3.0.26
  • HIGH 8.8 | CVE-2026-27314 | Apache Cassandra is vulnerable to privilege escalation in an mTLS environment using MutualTlsAuthenticator
    >= 5.0-alpha1, < 5.0.7
  • HIGH 8.8 | CVE-2025-26467 | Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)
    >= 4.0.16, < 4.0.17
  • HIGH 8.8 | CVE-2025-23015 | Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions
    >= 5.0-alpha1, < 5.0.3
  • HIGH 7.8 | CVE-2023-30601 | Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
    >= 4.1.0, < 4.1.2
  • HIGH 7.5 | CVE-2020-17516 | Authentication Bypass in Apache Cassandra
    >= 2.1.0, < 3.0.24
  • MEDIUM 5.9 | CVE-2024-27137 | Apache Cassandra: unrestricted deserialization of JMX authentication credentials
    >= 5.0-beta1, < 5.0.3
  • MEDIUM 5.9 | CVE-2020-13946 | Man-in-the-middle attack in Apache Cassandra
    >= 2.1.0, < 2.1.12
  • MEDIUM 5.5 | CVE-2026-27315 | Apache Cassandra: cqlsh history sensitive information leak
    >= 4.0, < 4.0.20
  • MEDIUM 5.4 | CVE-2025-24860 | Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions
    >= 4.0-alpha1, < 4.0.16
  • CVE-2026-32588 | Apache Cassandra has an authenticated DoS over CQL
    >= 4.0, < 4.0.20