Severity: moderate 

Affected versions:

- Apache Accumulo (org.apache.accumulo:accumulo-server-base) 2.1.4 through 2.1.5

Description:

Improper Handling of Insufficient Privileges vulnerability in Apache Accumulo.
An authenticated, but low-privileged user without system permissions may
issue a remote command to gracefully shutdown system components
(compaction-coordinator, compactor, gc, manager, monitor, tserver, or sserver),
leading to a denial of service.

This issue affects Apache Accumulo 2.1.4 and 2.1.5.

Users are recommended to upgrade to version 2.1.6, which fixes the issue.

Credit:

Fabian Fleischer (reporter)

References:

https://github.com/apache/accumulo/issues/6478
https://accumulo.apache.org/release/accumulo-2.1.6/
https://accumulo.apache.org/downloads/
https://accumulo.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-62764

Reply via email to