CVE-2026-47784
- Source
- https://cve.org/CVERecord?id=CVE-2026-47784
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-47784.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-47784
- Aliases
- Downstream
- Related
- Published
- 2026-05-20T05:45:37.864Z
- Modified
- 2026-06-20T11:13:56.961536Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by saslserveruserdb_checkpass.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47784.json", "cwe_ids": [ "CWE-208" ], "cna_assigner": "mitre" }- References
-
- https://github.com/memcached/memcached/compare/1.6.41...1.6.42
- https://github.com/memcached/memcached/wiki/ReleaseNotes1642
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47784.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-47784
- https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed
Affected packages
Git / github.com/memcached/memcached
Affected ranges
- Type
- GIT
- Repo
- https://github.com/memcached/memcached
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Database specific
{ "cpe": "cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*", "source": [ "CPE_RANGE", "REFERENCES" ], "extracted_events": [ { "introduced": "0" }, { "fixed": "1.6.42" } ] }
Affected versions
1.*
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.2
1.3.3
1.4-rc1
1.4.0
1.4.0-rc1
1.4.1
1.4.1-rc1
1.4.10
1.4.11
1.4.11-beta1
1.4.11-rc1
1.4.12
1.4.13
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.2
1.4.2-rc1
1.4.20
1.4.21
1.4.22
1.4.23
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.3
1.4.3-rc1
1.4.3-rc2
1.4.30
1.4.31
1.4.32
1.4.33
1.4.34
1.4.35
1.4.36
1.4.37
1.4.38
1.4.39
1.4.4
1.4.5
1.4.6
1.4.6-rc1
1.4.7
1.4.7-rc1
1.4.8
1.4.8-rc1
1.4.9
1.5.0
1.5.1
1.5.10
1.5.11
1.5.12
1.5.13
1.5.14
1.5.15
1.5.16
1.5.17
1.5.18
1.5.19
1.5.2
1.5.20
1.5.21
1.5.22
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.6.0
1.6.1
1.6.10
1.6.11
1.6.12
1.6.13
1.6.14
1.6.15
1.6.16
1.6.17
1.6.18
1.6.19
1.6.2
1.6.20
1.6.21
1.6.22
1.6.23
1.6.24
1.6.25
1.6.26
1.6.27
1.6.28
1.6.29
1.6.3
1.6.30
1.6.31
1.6.32
1.6.33
1.6.34
1.6.35
1.6.36
1.6.37
1.6.38
1.6.39
1.6.4
1.6.40
1.6.41
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-47784.json"
vanir_signatures
[
{
"target": {
"file": "sasl_defs.c",
"function": "sasl_server_userdb_checkpass"
},
"deprecated": false,
"digest": {
"function_hash": "284654676807271835384715966028879882137",
"length": 1156.0
},
"id": "CVE-2026-47784-753167ba",
"source": "https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed",
"signature_version": "v1",
"signature_type": "Function"
},
{
"target": {
"file": "sasl_defs.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"312679514704962041280281200903721309667",
"35757367415565282865623804919170315255",
"245579480260761788681918563772767245751",
"6602217400144305652543387936933858330",
"161573229621705196849168628951717696666",
"258772684775262277630727493888981902386",
"286110100176741436029485821082375961561",
"95100240616598174899764189262178176353",
"327608642694468017178633802590202216364",
"253086933575348819273447769281331947129",
"218347168151238490293077456438405013492",
"121523401650451511176392504935467086120",
"236732265184660035366467935863000898408",
"274469844838623870742837739010917076111"
],
"threshold": 0.9
},
"id": "CVE-2026-47784-9b7ff158",
"source": "https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed",
"signature_version": "v1",
"signature_type": "Line"
}
]
vanir_signatures_modified
"2026-06-20T11:13:56Z"