Apache · Apache Cassandra · CVE-2026-27315
Name of the Vulnerable Software and Affected Versions
Apache Cassandra versions 4.0 through 4.0.19
Description
Apache Cassandra's command-line tool, cqlsh, saves command history in the `~/.cassandra/cqlsh_history` file. This file does not redact sensitive information, meaning passwords used in cqlsh commands are stored in cleartext on disk.
Recommendations
Upgrade to version 4.0.20 or later.
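To check whether a history file written by an affected version holds credentials, the following Python script (an added example, not part of the advisory or of Cassandra's code) reports the line numbers of password-bearing statements and whether the file is accessible to other users, without echoing the secrets. The statement patterns and the function names `audit_history` and `scrub_history` are assumptions of this example, and the pattern list is not exhaustive.

```python
import os
import re
import stat
import tempfile

# Statements that carry a password literal: standard CQL role/user syntax and
# the cqlsh LOGIN command. Assumed list for this example, not exhaustive.
PASSWORD_STATEMENT = re.compile(
    r"^\s*(?:(?:CREATE|ALTER)\s+(?:ROLE|USER)\b.*\bPASSWORD\b"
    r"|LOGIN\s+\S+\s+[^\s;])",
    re.IGNORECASE,
)

def audit_history(path):
    """Return (owner_only, line_numbers) without echoing any secret."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    owner_only = (mode & 0o077) == 0  # no group/other access bits
    with open(path, encoding="utf-8", errors="replace") as fh:
        hits = [n for n, line in enumerate(fh, 1) if PASSWORD_STATEMENT.match(line)]
    return owner_only, hits

def scrub_history(path):
    """Rewrite the file without the flagged lines; returns how many were dropped."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        lines = fh.readlines()
    kept = [line for line in lines if not PASSWORD_STATEMENT.match(line)]
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as out:  # mkstemp creates mode 0600
        out.writelines(kept)
    os.replace(tmp, path)  # atomic swap on the same filesystem
    return len(lines) - len(kept)

# Constructed sample history, not taken from a real system.
SAMPLE = (
    "SELECT * FROM system.local;\n"
    "CREATE ROLE app WITH PASSWORD = 'example-secret' AND LOGIN = true;\n"
    "alter user app with password 'example-secret-2';\n"
    "LOGIN app\n"
    "LOGIN app 'example-secret'\n"
    "LIST ROLES;\n"
)

if __name__ == "__main__":
    target = os.path.expanduser("~/.cassandra/cqlsh_history")
    if os.path.exists(target):
        owner_only, hits = audit_history(target)
        print(f"owner-only permissions: {owner_only}; flagged lines: {hits}")
```

Any password that the audit flags should be treated as exposed and rotated, since removing the line does not undo earlier reads or backups of the file.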