CVE-2026-27314

Name of the Vulnerable Software and Affected Versions Apache Cassandra versions 5.0 through 5.0.6

Description A privilege escalation issue exists in Apache Cassandra 5.0 when using MutualTlsAuthenticator in an mTLS environment. A user with only CREATE permission can associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via the ADD IDENTITY function.

Recommendations Upgrade to version 5.0.7 or later.