CVE-2026-47783
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon a
CVSS
8.1
High
EPSS
1.3%
p67
KEV
—
Exploit Today
20
0-100
Published: May 20, 2026 · Last modified: Jul 15, 2026 · CWE-208
1.3%EPSS · 30 days1.3%
2026-06-302026-07-16
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.
- github.comhttps://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed
- github.comhttps://github.com/memcached/memcached/compare/1.6.41...1.6.42
- github.comhttps://github.com/memcached/memcached/wiki/ReleaseNotes1642
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:27842
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:27862
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-47783
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2480089
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47783.json
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-278567.4 HIG31.4%
——9Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port, install fixed version. No publicly available exploits are known.2dCVE-2026-54193.7 LOW30.2%
——9A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.2dCVE-2026-150413.7 LOW21.9%
——7A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially use timing measurements of LDAP bind attempts to infer partial hash information, though practical exploitation is extremely difficult due to PBKDF2 computational overhead.7dCVE-2026-137583.7 LOW21.4%
——6CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt_done path.
The decrypt_done($tag) form compares it against the computed tag with memNE (memcmp() != 0), which short-circuits on the first differing byte, so its run time depends on the number of matching leading bytes. This affects all five AEAD modes: GCM, CCM, ChaCha20Poly1305, EAX and OCB. The one-shot *_decrypt_verify helpers are unaffected; they verify the tag inside libtomcrypt with a constant-time comparison.
The timing difference is a tag-verification oracle. An attacker who can submit many candidate tags for the same nonce, ciphertext and associated data while measuring the timing precisely enough may recover the expected tag byte by byte and forge a message that verifies.17dCVE-2026-592185.3 MED15.1%
——5Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, the /api/v1/auths/signin endpoint looked users up by email and only ran bcrypt password verification when a credential existed, making registered-account attempts measurably slower than missing-email attempts and allowing unauthenticated account enumeration. This issue is fixed in version 0.10.0.6dCVE-2026-567643.7 LOW13.7%
——4Hono before 4.11.10 contains a timing attack vulnerability in the basicAuth and bearerAuth middlewares due to non-constant-time string comparison in the timingSafeEqual function. Attackers can exploit early termination of string equality checks to infer valid credentials through precise timing measurements.1d