CVE-2026-47783

Published May 20, 2026

Last updated 6 days ago

CVSS high 8.1

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-47783 describes a timing side-channel vulnerability found in memcached versions prior to 1.6.42. This flaw specifically impacts the Simple Authentication and Security Layer (SASL) password database authentication mechanism. The vulnerability arises because the `sasl_server_userdb_checkpass` function, responsible for checking usernames during authentication, exits its internal loop as soon as a valid username is identified. This premature exit creates a measurable difference in response times between valid and invalid usernames. Attackers can exploit these timing discrepancies to remotely enumerate existing usernames on the system.

Description
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
Source
cve@mitre.org
NVD status
Analyzed
Products
memcached

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.1
Impact score
5.9
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-208

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

8

  1. CVE-2026-47783 & CVE-2026-47784: Two SASL vulnerabilities in Memcached, 8.1 rating 🔥 Two new vulnerabilities Memcached allow an attacker to enumerate valid usernames on the system and guess their passwords because password and username data for SASL password database htt

    @Netlas_io

    26 May 2026

    489 Impressions

    3 Retweets

    5 Likes

    4 Bookmarks

    1 Reply

    0 Quotes

  2. Memcached SASLに深刻な脆弱性。CVE-2026-47783は応答時間でのサイドチャネル攻撃によるユーザ名列挙。CVE-2026-47784は同様のパスワード推測。バージョン1.6.42で修正。 https://t.co/fZAx9HLSz7

    @__kokumoto

    26 May 2026

    1199 Impressions

    1 Retweet

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. Memcachedに認証情報を推測可能にする高危険度脆弱性2件が見つかった。SASL認証処理の応答時間差を悪用し、ユーザー名やパスワードを段階的に特定される恐れがある。 問題はCVE-2026-47783とCVE-2026-47784で、いず

    @yousukezan

    26 May 2026

    2352 Impressions

    1 Retweet

    9 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.CVE-2026-47784
  2. The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705.CVE-2017-9951
  3. memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information.CVE-2010-1152
  4. Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows.CVE-2009-2415
  5. The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.CVE-2009-1255

References

Sources include official advisories and independent security research.