CVE-2026-27314
Published: 07 April 2026
Summary
CVE-2026-27314 is a high-severity Privilege Defined With Unsafe Actions (CWE-267) vulnerability in Apache Cassandra. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 15.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-2 (Account Management).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the vulnerability by requiring timely remediation through upgrading Apache Cassandra to version 5.0.7+ as recommended by the vendor.
Limits exploitation by enforcing least privilege, ensuring only necessary users receive CREATE permission required to execute the ADD IDENTITY command for privilege escalation.
Supports prevention through automated and manual processes to manage and review account roles and identity associations, restricting unauthorized bindings of certificate identities to superuser roles.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE directly describes a flaw in MutualTlsAuthenticator allowing low-privileged users to perform unauthorized role-identity association (account manipulation) that results in privilege escalation to superuser.
NVD Description
Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD…
more
IDENTITY. Users are recommended to upgrade to version 5.0.7+, which fixes this issue.
Deeper analysisAI
CVE-2026-27314 is a privilege escalation vulnerability (CWE-267) in Apache Cassandra version 5.0, affecting mTLS environments configured with the MutualTlsAuthenticator. It enables a user possessing only CREATE permission to associate their own certificate identity with an arbitrary role, including superuser roles, and authenticate as that role via the ADD IDENTITY command. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Exploitation requires an authenticated attacker with low privileges, specifically CREATE permission, who can connect over the network with low attack complexity and no user interaction. Successful exploitation allows the attacker to impersonate any role, such as a superuser, granting high-impact access to confidentiality, integrity, and availability across the targeted Cassandra cluster.
Apache Cassandra advisories recommend upgrading to version 5.0.7 or later to mitigate this issue. Additional details are provided in the Apache mailing list thread at https://lists.apache.org/thread/zrng82ddy4rpsmfyk582v6hqxcqrbz7f and the OSS-Security announcement at http://www.openwall.com/lists/oss-security/2026/04/07/7.
Details
- CWE(s)