← back
CVE-2026-47846

CVE-2026-47846

CVSS 9.8 CRITICALEPSS 0.3%CWE-798
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
18 Jun 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassandra account in certain scenarios. This leaves the default cassandra:cassandra superuser active as an unintended access path. Affected versions — Container image: 4.0.x prior to 4.0.20-photon-5-r7; 4.1.x prior to 4.1.11-photon-5-r7; 5.0.x prior to 5.0.8-photon-5-r4 / 5.0.8-debian-12-r3.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Bitnami · bitnami/cassandra

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/bitnami/containers/security/advisories/GHSA-8q3j-37vg-8fc2