CVE-2026-47783

Published May 20, 2026

Last updated 14 days ago

CVSS high 8.1
sca
Memcached
SASL

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-47783 describes a timing side-channel vulnerability found in memcached versions prior to 1.6.42. This flaw specifically impacts the Simple Authentication and Security Layer (SASL) password database authentication mechanism. The vulnerability arises because the `sasl_server_userdb_checkpass` function, responsible for checking usernames during authentication, exits its internal loop as soon as a valid username is identified. This premature exit creates a measurable difference in response times between valid and invalid usernames. Attackers can exploit these timing discrepancies to remotely enumerate existing usernames on the system.

Description
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
Source
cve@mitre.org
NVD status
Modified
Products
memcached

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.1
Impact score
5.9
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-208
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
CWE-208

Social media

Hype score
Not currently trending
  1. Memcached の脆弱性 CVE-2026-47783 が FIX:SASL 欠陥による有効なユーザー名の推測 https://t.co/8IpHJIHIJI 今回の Memcached の脆弱性 CVE-2026-47783

    @iototsecnews

    2 Jun 2026

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 HIGH Severity: CVE-2026-47783 (CVSS 8.1) memcached <1.6.42 has timing side channel in SASL auth allowing username enumeration. Impact: Remote attackers may exploit timing differences to discover valid usernames. Patch to 1.6.42+ immediately. #CVE #Vulnerability #Patch

    @DFIR_Lab

    30 May 2026

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2026-47783 & CVE-2026-47784: Two SASL vulnerabilities in Memcached, 8.1 rating 🔥 Two new vulnerabilities Memcached allow an attacker to enumerate valid usernames on the system and guess their passwords because password and username data for SASL password database htt

    @Netlas_io

    26 May 2026

    699 Impressions

    5 Retweets

    10 Likes

    4 Bookmarks

    1 Reply

    0 Quotes

  4. Memcached SASLに深刻な脆弱性。CVE-2026-47783は応答時間でのサイドチャネル攻撃によるユーザ名列挙。CVE-2026-47784は同様のパスワード推測。バージョン1.6.42で修正。 https://t.co/fZAx9HLSz7

    @__kokumoto

    26 May 2026

    1199 Impressions

    1 Retweet

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  5. Memcachedに認証情報を推測可能にする高危険度脆弱性2件が見つかった。SASL認証処理の応答時間差を悪用し、ユーザー名やパスワードを段階的に特定される恐れがある。 問題はCVE-2026-47783とCVE-2026-47784で、いず

    @yousukezan

    26 May 2026

    2352 Impressions

    1 Retweet

    9 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

Configurations