{"cve":{"cve_id":"CVE-2026-32588","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00533,"epss_percentile":0.4075,"epss_as_of":"2026-06-23","description":"Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes.\nUsers are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue.","published_at":"2026-04-07T16:42:52.361000Z","last_modified_at":null,"cvss_v3_score":6.5,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-400"],"nvd_references":["https://lists.apache.org/thread/2tnwjdnss378glxrsmnlzz3k53ftphrc"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:29:49.745899Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"N","value_label":"None"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"apache-software-foundation","vendor_name":"Apache Software Foundation","product_slug":"apache-cassandra","product_name":"Apache Cassandra","version_start":"4.0","version_start_inclusive":true,"version_end":"4.0.19","version_end_inclusive":true,"cpe23_uri":"cve5:apache-software-foundation:apache-cassandra:4.0:4.0.19"},{"vendor_slug":"apache-software-foundation","vendor_name":"Apache Software Foundation","product_slug":"apache-cassandra","product_name":"Apache Cassandra","version_start":"4.1","version_start_inclusive":true,"version_end":"4.1.10","version_end_inclusive":true,"cpe23_uri":"cve5:apache-software-foundation:apache-cassandra:4.1:4.1.10"},{"vendor_slug":"apache-software-foundation","vendor_name":"Apache Software Foundation","product_slug":"apache-cassandra","product_name":"Apache Cassandra","version_start":"5.0","version_start_inclusive":true,"version_end":"5.0.6","version_end_inclusive":true,"cpe23_uri":"cve5:apache-software-foundation:apache-cassandra:5.0:5.0.6"}],"exploit_refs":[],"news":[],"references":[{"url":"https://lists.apache.org/thread/2tnwjdnss378glxrsmnlzz3k53ftphrc","source_type":"MAILING_LIST","tags":["mailing-list"]}],"timeline":[{"type":"published","at":"2026-04-07T16:42:52.361000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:53:09.779823Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:53:09.779823Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:53:09.779823Z","label":"CVSS score revised","source":"cvelistv5"}]}