PT-2026-42109 · Memcached+3 · Memcached+3

·

CVE-2026-47783

·

Published

2026-05-20

·

Updated

2026-06-30

CVSS v3.1

8.1

High

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions memcached versions prior to 1.6.42
Description Username data for SASL password database authentication contains a timing side channel. This occurs because the sasl server userdb checkpass() function utilizes a loop that terminates immediately upon finding a valid username, allowing an attacker to potentially infer valid usernames based on the time the server takes to respond.
Recommendations Update to version 1.6.42 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

ALSA-2026:27842
ALSA-2026:27862
BIT-MEMCACHED-2026-47783
CVE-2026-47783
OPENSUSE-SU-2026:10882-1
OPENSUSE-SU-2026:20884-1
RHSA-2026:27842
RHSA-2026:27862
SUSE-SU-2026:22022-1
SUSE-SU-2026:2292-1
SUSE-SU-2026:2293-1
USN-8320-1

Affected Products

Linuxmint
Rocky Linux
Ubuntu
Memcached