Description
Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY.

Users are recommended to upgrade to version 5.0.7+, which fixes this issue.
Published: 2026-04-07
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The flaw allows a user holding only CREATE permission to bind their own certificate identity to any role, including a superuser role, via ADD IDENTITY, and then authenticate as that role, elevating their privileges to full administrative control over the Cassandra cluster.

Affected Systems

Apache Cassandra 5.0.x running in an mTLS environment that uses MutualTlsAuthenticator. Versions prior to 5.0.7 are vulnerable; upgrading to 5.0.7 or later removes the flaw.

Risk and Exploitability

This issue carries a CVSS score of 8.8, indicating a high severity. The lack of EPSS data leaves the likelihood of exploitation uncertain, but the vulnerability can be exploited by anyone with CREATE rights and the ability to use a certificate, potentially allowing an attacker to assume superuser credentials and compromise the entire cluster. The vulnerability is not listed in the KEV catalog, suggesting no widespread exploit evidence yet.

Generated by OpenCVE AI on April 7, 2026 at 21:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Apache Cassandra to version 5.0.7 or newer.

Tracking

Advisories
Source        ID                    Title
Github GHSA   GHSA-qxpc-96fq-wwmg   Apache Cassandra is vulnerable to privilege escalation in an mTLS environment using MutualTlsAuthenticator
History

Wed, 15 Apr 2026 16:00:00 +0000

Type   Values Removed   Values Added
CPEs                    cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*

Wed, 08 Apr 2026 20:15:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Apache; Apache cassandra
Vendors & Products                     Apache; Apache cassandra

Tue, 07 Apr 2026 20:45:00 +0000

Type         Values Removed   Values Added
References
Metrics                       cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
                              ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 18:00:00 +0000

Type          Values Removed   Values Added
Description                    Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY. Users are recommended to upgrade to version 5.0.7+, which fixes this issue.
Title                          Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass
Weaknesses                     CWE-267
References

Subscriptions

Apache Cassandra
MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-04-08T03:55:52.335Z

Reserved: 2026-02-19T00:03:57.862Z

Link: CVE-2026-27314

Vulnrichment

Updated: 2026-04-07T17:25:57.687Z

NVD

Status: Analyzed

Published: 2026-04-07T17:16:27.693

Modified: 2026-04-15T15:48:53.273

Link: CVE-2026-27314

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:47:52Z

Weaknesses