CVE-2026-47783
- Source
- https://cve.org/CVERecord?id=CVE-2026-47783
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-47783.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-47783
- Aliases
- Downstream
- Related
- Published
- 2026-05-20T05:43:46.976Z
- Modified
- 2026-06-23T15:29:17.497616403Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by saslserveruserdb_checkpass.
- Database specific
{ "cna_assigner": "mitre", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47783.json", "cwe_ids": [ "CWE-208" ] }- References
-
- https://github.com/memcached/memcached/compare/1.6.41...1.6.42
- https://github.com/memcached/memcached/wiki/ReleaseNotes1642
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47783.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-47783
- https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed
Affected packages
Git / github.com/memcached/memcached
Affected ranges
- Type
- GIT
- Repo
- https://github.com/memcached/memcached
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Database specific
{ "source": [ "CPE_RANGE", "REFERENCES" ], "extracted_events": [ { "introduced": "0" }, { "fixed": "1.6.42" } ], "cpe": "cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*" }
Affected versions
1.*
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.2
1.3.3
1.4-rc1
1.4.0
1.4.0-rc1
1.4.1
1.4.1-rc1
1.4.10
1.4.11
1.4.11-beta1
1.4.11-rc1
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.2
1.4.2-rc1
1.4.20
1.4.21
1.4.22
1.4.23
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.3
1.4.3-rc1
1.4.3-rc2
1.4.30
1.4.31
1.4.32
1.4.33
1.4.34
1.4.35
1.4.36
1.4.37
1.4.38
1.4.39
1.4.4
1.4.5
1.4.6
1.4.6-rc1
1.4.7
1.4.7-rc1
1.4.8
1.4.8-rc1
1.4.9
1.5.0
1.5.1
1.5.10
1.5.11
1.5.12
1.5.13
1.5.14
1.5.15
1.5.16
1.5.17
1.5.18
1.5.19
1.5.2
1.5.20
1.5.21
1.5.22
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.6.0
1.6.1
1.6.10
1.6.11
1.6.12
1.6.13
1.6.14
1.6.15
1.6.16
1.6.17
1.6.18
1.6.19
1.6.2
1.6.20
1.6.21
1.6.22
1.6.23
1.6.24
1.6.25
1.6.26
1.6.27
1.6.28
1.6.29
1.6.3
1.6.30
1.6.31
1.6.32
1.6.33
1.6.34
1.6.35
1.6.36
1.6.37
1.6.38
1.6.39
1.6.4
1.6.40
1.6.41
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-47783.json"
vanir_signatures
[
{
"source": "https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed",
"id": "CVE-2026-47783-753167ba",
"deprecated": false,
"digest": {
"function_hash": "284654676807271835384715966028879882137",
"length": 1156.0
},
"signature_type": "Function",
"signature_version": "v1",
"target": {
"function": "sasl_server_userdb_checkpass",
"file": "sasl_defs.c"
}
},
{
"deprecated": false,
"id": "CVE-2026-47783-9b7ff158",
"source": "https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed",
"digest": {
"threshold": 0.9,
"line_hashes": [
"312679514704962041280281200903721309667",
"35757367415565282865623804919170315255",
"245579480260761788681918563772767245751",
"6602217400144305652543387936933858330",
"161573229621705196849168628951717696666",
"258772684775262277630727493888981902386",
"286110100176741436029485821082375961561",
"95100240616598174899764189262178176353",
"327608642694468017178633802590202216364",
"253086933575348819273447769281331947129",
"218347168151238490293077456438405013492",
"121523401650451511176392504935467086120",
"236732265184660035366467935863000898408",
"274469844838623870742837739010917076111"
]
},
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "sasl_defs.c"
}
}
]
vanir_signatures_modified
"2026-06-20T11:13:56Z"