CVE-2026-47783
8.1 HIGHIn memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soo...
Published: 2026-05-20 · Last updated: 2026-05-21
Severity and scoring
- CVSS
- 8.1 HIGH
- Vector
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-208
Affected products
| Vendor | Product |
|---|---|
| memcached | memcached |
Description
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-47784 — In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by s... (8.1 HIGH)
Same CWE
- CVE-2026-54411 — Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path... (5.9 MEDIUM)
- CVE-2017-20240 — Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks (5.9 MEDIUM)
- CVE-2026-48011 — Shopware is an open commerce platform (3.7 LOW)
- CVE-2026-48859 — Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enum... (5.3 MEDIUM)
- CVE-2026-5419 — A flaw was found in gnutls (3.7 LOW)