CVE-2026-47846: Bitnami Cassandra container images are affected by a retained default superuser vulnerability
Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRA_USER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassandra account in certain scenarios. This leaves the default cassandra:cassandra superuser active as an unintended access path. Affected versions — Container image: 4.0.x prior to 4.0.20-photon-5-r7; 4.1.x prior to 4.1.11-photon-5-r7; 5.0.x prior to 5.0.8-photon-5-r4 / 5.0.8-debian-12-r3.
Metrics
- CVSS v3.1: 9.8
- Severity: CRITICAL
- Fixed in: 4.0.20-photon-5-r7
- Affected Products: 1
HarborGuard Analysis
Synopsis
A retained default superuser vulnerability affects Bitnami Cassandra container images across the 4.0.x, 4.1.x, and 5.0.x release lines. The flaw is reachable over the network with no authentication required: when a custom administrator account is configured via the CASSANDRA_USER environment variable, the initialization script fails to remove the built-in cassandra:cassandra superuser account, leaving it active as an unintended login path. An attacker who reaches the Cassandra port can authenticate using the well-known default credentials and gain full superuser access to the cluster, enabling complete data disclosure, data modification, and service disruption. Patched-image rebuilds at versions 4.0.20-photon-5-r7, 4.1.11-photon-5-r7, and 5.0.8-photon-5-r4 are available on HarborGuard for affected environments.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images that layer on the affected Bitnami Cassandra base. Any image tag falling within the affected version ranges for the 4.0.x, 4.1.x, and 5.0.x lines is flagged immediately.
HarborGuard is capable of scoring this CVE at its published CVSS v3.1 rating of 9.8 (Critical) and weighting that score against each customer environment's compliance policy to prioritize alert routing. Findings are routable to the appropriate team inbox within each customer organization based on image ownership and policy configuration.
Patched-image rebuilds at the fixed versions (4.0.20-photon-5-r7, 4.1.11-photon-5-r7, and 5.0.8-photon-5-r4) are available on HarborGuard for any environment running an affected image. For customers who opt into auto-remediation, HarborGuard is capable of triggering a rebuild at the fixed version, running a regression test suite against the rebuilt image, and opening a pull request against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
The attacker must be able to reach the Cassandra service over the network; any host with TCP access to the Cassandra native transport port (default 9042) is a viable attack origin.
- Authentication: Not required
No credentials are needed beyond the publicly known default cassandra:cassandra superuser pair, which amounts to no authentication barrier at all since the credentials are universally known.
- Victim interaction: Not required
Exploitation is fully attacker-driven and requires no action from any user or administrator of the affected system.
- Attack complexity: Low
The exploit is reliable and condition-free: the default account is persistently present due to the initialization script defect, so no race condition, memory layout dependency, or environmental preparation is required.
Blast Radius
- Reads all keyspaces, tables, and stored data in the Cassandra cluster, including any application records, session data, or secrets persisted there.
- Modifies or deletes any data in the cluster by exercising full superuser write privileges via the retained cassandra account.
- Creates or drops user accounts and alters cluster-wide security settings, potentially locking out legitimate administrators.
- Disrupts cluster availability by issuing destructive schema operations or resource-exhausting queries with superuser authority.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-47846 is active against all customer images across the affected 4.0.x, 4.1.x, and 5.0.x Bitnami Cassandra lines. For environments running an affected image, rebuilt images at the patched versions are available for pull. Where compliance policy permits auto-remediation, HarborGuard is capable of rebuilding the image at the appropriate fixed version, executing a regression run against the new image, and opening a pull request against the affected workload, with a median time from CVE publication to merged patch PR of around 90 minutes for Critical-severity issues in environments with auto-remediation enabled. Given the severity of this vulnerability (unauthenticated network access yielding full superuser control), customers who cannot immediately upgrade should consider applying network policy rules to restrict access to the Cassandra native transport port to known application service accounts only, and auditing active Cassandra roles to confirm whether the cassandra superuser account is present and active in their running instances.
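To carry out the role audit recommended above, the following added example (not HarborGuard's or Bitnami's code) parses the output of a cqlsh query against system_auth.roles and reports whether the default cassandra superuser is still login-capable, and whether it can be dropped without locking administrators out. The sample cqlsh output is constructed, and the custom admin name admin is an assumption.

```python
"""Audit a Cassandra role listing for a retained default 'cassandra' superuser.
Added example, not HarborGuard or Bitnami code. Input is the output of
  cqlsh -u <admin> -e "SELECT role, is_superuser, can_login FROM system_auth.roles;"
The sample below is constructed; the custom admin name 'admin' is assumed."""

DEFAULT_ROLE = "cassandra"

# Constructed cqlsh output: the custom admin exists, but the default role was never dropped.
SAMPLE_OUTPUT = """
 role      | is_superuser | can_login
-----------+--------------+-----------
 cassandra |         True |      True
     admin |         True |      True
    app_ro |        False |      True

(3 rows)
"""


def parse_roles(cqlsh_output):
    """Map role name -> {'is_superuser': bool, 'can_login': bool}.
    cqlsh prints a header, a dashed separator, '|'-separated rows and a
    '(N rows)' footer; anything that is not a 3-cell boolean row is skipped."""
    roles = {}
    for line in cqlsh_output.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 3 or cells[0] == "role":
            continue
        if cells[1] not in ("True", "False") or cells[2] not in ("True", "False"):
            continue
        roles[cells[0]] = {"is_superuser": cells[1] == "True", "can_login": cells[2] == "True"}
    return roles


def audit(roles, custom_admin):
    """Flag the unintended access path and say whether dropping it is safe.
    Dropping is only safe once another login-capable superuser (the custom
    admin) exists, or the cluster is left with no administrator; run the DROP
    as that admin, since a session cannot drop its own login role."""
    default = roles.get(DEFAULT_ROLE, {})
    retained = bool(default.get("is_superuser") and default.get("can_login"))
    admin = roles.get(custom_admin, {})
    admin_ok = bool(admin.get("is_superuser") and admin.get("can_login"))
    return {
        "retained_default_superuser": retained,
        "custom_admin_ok": admin_ok,
        "remediation": "DROP ROLE %s;" % DEFAULT_ROLE if retained and admin_ok else None,
    }
```

On a fixed image the cassandra role is absent from the listing and the audit reports no finding; on an affected image with no working custom admin it reports the finding but deliberately withholds the DROP.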
Fix available
- Bitnami / bitnami/cassandra: < 4.0.20-photon-5-r7 (from 4.0.0) · < 4.1.11-photon-5-r7 (from 4.1.0) · < 5.0.8-photon-5-r4 (from 5.0.0)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H