CVE-2026-47784

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.1 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.

Vulnerability Details

Published Date

May 20, 2026

Last Modified

May 21, 2026

CWE ID

CWE-208

Source

NVD

Vendor

memcached

Product

memcached

External References

https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed
https://github.com/memcached/memcached/compare/1.6.41...1.6.42
https://github.com/memcached/memcached/wiki/ReleaseNotes1642

CVE-2026-47784

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment