{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27315", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2026-02-19T05:21:19.755Z", "datePublished": "2026-04-07T16:40:51.836Z", "dateUpdated": "2026-04-09T14:38:23.271Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://downloads.apache.org/cassandra/", "defaultStatus": "unaffected", "packageName": "apache-cassandra", "product": "Apache Cassandra", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "4.0.19", "status": "affected", "version": "4.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Youlong Chen, Institute of Computing Technology, Chinese Academy of Sciences"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via <span style=\"background-color: rgb(255, 255, 255);\">&nbsp;~/.cassandra/cqlsh_history&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">local file access.<br></span></span><br>Users are recommended to upgrade to version 4.0.20, which fixes this issue.<br><br>--<br>Description: Cassandra's command-line tool, cqlsh, provides a command history feature that allows users to recall previously executed commands using the up/down arrow keys. These history records are saved in the ~/.cassandra/cqlsh_history file in the user's home directory.<br><br>However, cqlsh does not redact sensitive information when saving command history. This means that if a user executes operations involving passwords (such as logging in or creating users) within cqlsh, these passwords are permanently stored in cleartext in the history file on the disk.<br><br><br>"}], "value": "Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via \u00a0~/.cassandra/cqlsh_history\u00a0local file access.\n\nUsers are recommended to upgrade to version 4.0.20, which fixes this issue.\n\n--\nDescription: Cassandra's command-line tool, cqlsh, provides a command history feature that allows users to recall previously executed commands using the up/down arrow keys. These history records are saved in the ~/.cassandra/cqlsh_history file in the user's home directory.\n\nHowever, cqlsh does not redact sensitive information when saving command history. This means that if a user executes operations involving passwords (such as logging in or creating users) within cqlsh, these passwords are permanently stored in cleartext in the history file on the disk."}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-04-07T16:40:51.836Z"}, "references": [{"tags": ["issue-tracking"], "url": "https://issues.apache.org/jira/browse/CASSANDRA-21180"}, {"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/ft77zrk2mzt8qsch4g6jqjj4901d22k3"}], "source": {"defect": ["CASSANDRA-21180"], "discovery": "EXTERNAL"}, "title": "Apache Cassandra: cqlsh history sensitive information leak", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/04/07/8"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-07T17:25:59.994Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T14:37:35.522951Z", "id": "CVE-2026-27315", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T14:38:23.271Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/04/07/8"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-07T17:25:59.994Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-27315", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-09T14:37:35.522951Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T14:38:19.282Z"}}], "cna": {"title": "Apache Cassandra: cqlsh history sensitive information leak", "source": {"defect": ["CASSANDRA-21180"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Youlong Chen, Institute of Computing Technology, Chinese Academy of Sciences"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "low"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Cassandra", "versions": [{"status": "affected", "version": "4.0", "versionType": "semver", "lessThanOrEqual": "4.0.19"}], "packageName": "apache-cassandra", "collectionURL": "https://downloads.apache.org/cassandra/", "defaultStatus": "unaffected"}], "references": [{"url": "https://issues.apache.org/jira/browse/CASSANDRA-21180", "tags": ["issue-tracking"]}, {"url": "https://lists.apache.org/thread/ft77zrk2mzt8qsch4g6jqjj4901d22k3", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via \u00a0~/.cassandra/cqlsh_history\u00a0local file access.\n\nUsers are recommended to upgrade to version 4.0.20, which fixes this issue.\n\n--\nDescription: Cassandra's command-line tool, cqlsh, provides a command history feature that allows users to recall previously executed commands using the up/down arrow keys. These history records are saved in the ~/.cassandra/cqlsh_history file in the user's home directory.\n\nHowever, cqlsh does not redact sensitive information when saving command history. This means that if a user executes operations involving passwords (such as logging in or creating users) within cqlsh, these passwords are permanently stored in cleartext in the history file on the disk.", "supportingMedia": [{"type": "text/html", "value": "Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via <span style=\"background-color: rgb(255, 255, 255);\">&nbsp;~/.cassandra/cqlsh_history&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">local file access.<br></span></span><br>Users are recommended to upgrade to version 4.0.20, which fixes this issue.<br><br>--<br>Description: Cassandra's command-line tool, cqlsh, provides a command history feature that allows users to recall previously executed commands using the up/down arrow keys. These history records are saved in the ~/.cassandra/cqlsh_history file in the user's home directory.<br><br>However, cqlsh does not redact sensitive information when saving command history. This means that if a user executes operations involving passwords (such as logging in or creating users) within cqlsh, these passwords are permanently stored in cleartext in the history file on the disk.<br><br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-04-07T16:40:51.836Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27315", "state": "PUBLISHED", "dateUpdated": "2026-04-09T14:38:23.271Z", "dateReserved": "2026-02-19T05:21:19.755Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2026-04-07T16:40:51.836Z", "assignerShortName": "apache"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*", "matchCriteriaId": "C531A747-3AEF-4CDC-B614-784DC3B6213E", "versionEndExcluding": "4.0.20", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via \u00a0~/.cassandra/cqlsh_history\u00a0local file access.\n\nUsers are recommended to upgrade to version 4.0.20, which fixes this issue.\n\n--\nDescription: Cassandra's command-line tool, cqlsh, provides a command history feature that allows users to recall previously executed commands using the up/down arrow keys. These history records are saved in the ~/.cassandra/cqlsh_history file in the user's home directory.\n\nHowever, cqlsh does not redact sensitive information when saving command history. This means that if a user executes operations involving passwords (such as logging in or creating users) within cqlsh, these passwords are permanently stored in cleartext in the history file on the disk."}], "id": "CVE-2026-27315", "lastModified": "2026-04-15T15:47:57.567", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-07T17:16:27.827", "references": [{"source": "security@apache.org", "tags": ["Patch", "Vendor Advisory", "Issue Tracking"], "url": "https://issues.apache.org/jira/browse/CASSANDRA-21180"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/ft77zrk2mzt8qsch4g6jqjj4901d22k3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2026/04/07/8"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "security@apache.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.0,4.0.19]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Apache Cassandra", "source": "cna", "vendor": "Apache Software Foundation"}, "product": "cassandra", "vendor": "apache"}], "analysis": {"en": {"generated_at": "2026-04-09T16:53:24.605205+00:00", "value": {"mitigation_remediation": ["Upgrade Apache Cassandra to version 4.0.20 or later", "Restrict permissions on the ~/.cassandra/cqlsh_history file so that only the owning user can read it", "Delete or clear the existing history file and reset its ownership and permissions", "Avoid embedding passwords directly in cqlsh commands; use secure parameter files or environment variables instead"], "summary": {"action": "Patch Now", "impact": "Sensitive Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected vendor is the Apache Software Foundation and the product is Apache Cassandra. The vulnerability exists in all 4.0 releases shipped before the 4.0.20 update, which removes the problematic history behaviour. No specific sub\u2011version is listed; any unpatched 4.0 build should be considered vulnerable.", "description_and_impact": "Cassandra\u2019s command\u2011line shell, cqlsh, records every command it executes in the user\u2019s home directory without sanitising sensitive data. Operations that include passwords, such as login or user creation commands, are written to the ~/.cassandra/cqlsh_history file in cleartext. Consequently, any information entered in those commands becomes permanently accessible to anyone who can read the history file.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, while the EPSS score of less than 1% suggests that large\u2011scale exploitation is unlikely. The vulnerability is not present in the CISA KEV catalog. Based on the description, it is inferred that the attack requires local read access to the ~/.cassandra/cqlsh_history file in a user\u2019s home directory. Once read, the stored passwords can be used to compromise the database or broader network resources."}}}}, "created": "2026-04-08T19:36:44.960154+00:00", "updated": "2026-04-10T09:41:27.154585+00:00", "vendors": ["apache", "apache$PRODUCT$cassandra"]}