{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27315", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2026-02-19T05:21:19.755Z", "datePublished": "2026-04-07T16:40:51.836Z", "dateUpdated": "2026-04-09T14:38:23.271Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://downloads.apache.org/cassandra/", "defaultStatus": "unaffected", "packageName": "apache-cassandra", "product": "Apache Cassandra", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "4.0.19", "status": "affected", "version": "4.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Youlong Chen, Institute of Computing Technology, Chinese Academy of Sciences"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via <span style=\"background-color: rgb(255, 255, 255);\">&nbsp;~/.cassandra/cqlsh_history&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">local file access.<br></span></span><br>Users are recommended to upgrade to version 4.0.20, which fixes this issue.<br><br>--<br>Description: Cassandra's command-line tool, cqlsh, provides a command history feature that allows users to recall previously executed commands using the up/down arrow keys. These history records are saved in the ~/.cassandra/cqlsh_history file in the user's home directory.<br><br>However, cqlsh does not redact sensitive information when saving command history. This means that if a user executes operations involving passwords (such as logging in or creating users) within cqlsh, these passwords are permanently stored in cleartext in the history file on the disk.<br><br><br>"}], "value": "Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via \u00a0~/.cassandra/cqlsh_history\u00a0local file access.\n\nUsers are recommended to upgrade to version 4.0.20, which fixes this issue.\n\n--\nDescription: Cassandra's command-line tool, cqlsh, provides a command history feature that allows users to recall previously executed commands using the up/down arrow keys. These history records are saved in the ~/.cassandra/cqlsh_history file in the user's home directory.\n\nHowever, cqlsh does not redact sensitive information when saving command history. This means that if a user executes operations involving passwords (such as logging in or creating users) within cqlsh, these passwords are permanently stored in cleartext in the history file on the disk."}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-04-07T16:40:51.836Z"}, "references": [{"tags": ["issue-tracking"], "url": "https://issues.apache.org/jira/browse/CASSANDRA-21180"}, {"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/ft77zrk2mzt8qsch4g6jqjj4901d22k3"}], "source": {"defect": ["CASSANDRA-21180"], "discovery": "EXTERNAL"}, "title": "Apache Cassandra: cqlsh history sensitive information leak", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/04/07/8"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-07T17:25:59.994Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T14:37:35.522951Z", "id": "CVE-2026-27315", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T14:38:23.271Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via \u00a0~/.cassandra/cqlsh_history\u00a0local file access.\n\nUsers are recommended to upgrade to version 4.0.20, which fixes this issue.\n\n--\nDescription: Cassandra's command-line tool, cqlsh, provides a command history feature that allows users to recall previously executed commands using the up/down arrow keys. These history records are saved in the ~/.cassandra/cqlsh_history file in the user's home directory.\n\nHowever, cqlsh does not redact sensitive information when saving command history. This means that if a user executes operations involving passwords (such as logging in or creating users) within cqlsh, these passwords are permanently stored in cleartext in the history file on the disk."}], "id": "CVE-2026-27315", "lastModified": "2026-04-08T21:27:00.663", "metrics": {}, "published": "2026-04-07T17:16:27.827", "references": [{"source": "security@apache.org", "url": "https://issues.apache.org/jira/browse/CASSANDRA-21180"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread/ft77zrk2mzt8qsch4g6jqjj4901d22k3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2026/04/07/8"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "security@apache.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.0,4.0.19]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Apache Cassandra", "source": "cna", "vendor": "Apache Software Foundation"}, "product": "cassandra", "vendor": "apache"}], "analysis": {"en": {"generated_at": "2026-04-07T21:24:49.801901+00:00", "value": {"mitigation_remediation": ["Upgrade to Apache Cassandra 4.0.20 or later, which removes the unredacted history behavior.", "Audit existing ~/.cassandra/cqlsh_history files on affected machines and securely delete any entries that contain passwords or other secrets.", "If configured, consider disabling cqlsh history logging or adjusting file permissions to restrict read access to the history file until a patch is applied."], "summary": {"action": "Upgrade", "impact": "Sensitive Information Leak"}, "threat_synthesis": {"affected_systems": "Affected systems are installations of Apache Cassandra supplied by the Apache Software Foundation, specifically version 4.0 and any earlier sub\u2011releases that have not been patched to 4.0.20 or later. The defect manifests when cqlsh is used to run commands that contain passwords or other secrets; the history file is written in the user\u2019s home directory as ~/.cassandra/cqlsh_history.", "description_and_impact": "The vulnerability originates in Apache Cassandra\u2019s command\u2011line shell, cqlsh, which records every executed command in a local history file without sanitizing sensitive fields. Because passwords and other secrets remain in plaintext within ~/.cassandra/cqlsh_history, an attacker who gains read access to this file can recover credentials used by the user. This issue falls under the CWE\u2011532 classification of Sensitive Information Exposure.", "risk_and_exploitability": "The attack vector is local; an attacker must have the capability to read the user\u2019s home directory. The vulnerability does not require network access or elevated privileges beyond the user account. CVSS and EPSS metrics are not available, and the flaw is not listed in CISA\u2019s KEV catalog, so the overall risk is moderate, largely limited to the confidentiality of stored credentials. Exploitation is straightforward: locate the history file and parse its contents."}}}}, "created": "2026-04-08T19:36:44.960154+00:00", "updated": "2026-04-08T19:47:48.248328+00:00", "vendors": ["apache", "apache$PRODUCT$cassandra"]}