CVEFinder.io

CVE-2026-47784

⚠️ high
🔍 Scan for this CVE
Summary

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.

CVSS Score
8.1
High
EPSS Score
0.1
Exploit Probability
Published Date
2026-05-20
First Seen: 2026-05-21
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 77.5% of all 328,009 vulnerabilities in our database.

#73,816
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 20, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-05-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-208

📦 Affected Products 1

Vendor Product Status Affected Versions
memcached memcached Affected
< 1.6.42

🔗 References 3

https://github.com/memcached/memcached/commit/d13f28...
Patch
https://github.com/memcached/memcached/compare/1.6.4...
Release Notes
https://github.com/memcached/memcached/wiki/ReleaseN...
Release Notes

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-47783 ⚠️ high 8.1 0.1 In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a ... 2026-05-20
CVE-2023-46852 ⚠️ high 7.5 0.1 In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many ... 2023-10-27
CVE-2023-46853 ⛔ critical 9.8 0.2 In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used inste... 2023-10-27
CVE-2020-22570 ⚠️ high 7.5 2.1 Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta comm... 2023-08-22
CVE-2022-48571 ⚠️ high 7.5 0.1 memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP. 2023-08-22
CVE-2021-37519 🔶 medium 5.5 0.0 Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted au... 2023-02-03
These CVEs affect the same products