Description
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
Published: 2026-05-20
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in Memcached’s SASL authentication routine. When the server checks a supplied username, it exits the loop as soon as a match is found, creating a timing side channel that reveals whether a username exists in the SASL password database. The flaw does not disclose passwords but enables username enumeration, which can accelerate subsequent credential‑guessing attacks.

Affected Systems

Memcached servers running the memcached daemon prior to version 1.6.42 are affected. The issue appears in all releases up through 1.6.41 inclusive. Any unsupported builds that still ship the old SASL password database implementation remain vulnerable.

Risk and Exploitability

The CVSS score of 8.1 indicates high severity. EPSS data is not available, so precise exploitation likelihood is unclear. The likely attack vector is over the network via the SASL interface, as the flaw requires only remote access to the memcached service. The vulnerability is not listed in the CISA KEV catalog, suggesting no widespread exploits have been documented. Based on the description, an attacker could send repeated SASL authentication attempts, measuring timing differences, to enumerate usernames on exposed servers.

Generated by OpenCVE AI on May 20, 2026 at 07:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade memcached to version 1.6.42 or later to eliminate the timing side channel.
  • If an upgrade is not immediately possible, disable SASL authentication or restrict SASL connections to a trusted internal network and block external access until the upgrade is applied.
  • Monitor memcached logs for repeated SASL authentication attempts and investigate any sudden spikes in authentication traffic.

Generated by OpenCVE AI on May 20, 2026 at 07:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 20 May 2026 08:15:00 +0000

Type Values Removed Values Added
Title Timing Side‑Channel in SASL Username Lookup Causes Username Enumeration in Memcached

Wed, 20 May 2026 06:30:00 +0000

Type Values Removed Values Added
Description In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
First Time appeared Memcached
Memcached memcached
Weaknesses CWE-208
CPEs cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*
Vendors & Products Memcached
Memcached memcached
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Memcached Memcached
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-20T12:49:58.195Z

Reserved: 2026-05-20T05:43:46.363Z

Link: CVE-2026-47783

cve-icon Vulnrichment

Updated: 2026-05-20T12:49:54.179Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-20T07:16:15.533

Modified: 2026-05-20T14:24:24.227

Link: CVE-2026-47783

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T08:00:11Z

Weaknesses