Severity: low Affected versions:
- Apache Cassandra (org.apache.cassandra:cassandra-all) 5.0 through 5.0.6 Description: Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY. Users are recommended to upgrade to version 5.0.7+, which fixes this issue. This issue is being tracked as CASSANDRA-21219 Credit: Sho Odagiri, GMO Cybersecurity by Ierae, Inc. (reporter) References: https://cassandra.apache.org/ https://www.cve.org/CVERecord?id=CVE-2026-27314 https://issues.apache.org/jira/browse/CASSANDRA-21219
