Follow @Openwall on Twitter for new release announcements and other news
[<prev] [day] [month] [year] [list]
Message-ID: <8361f13c-4592-5643-8ce8-0e57268df7da@apache.org>
Date: Fri, 17 Jul 2026 06:03:41 +0000
From: Christopher Tubbs <ctubbsii@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2026-62764: Apache Accumulo: A user can trigger a graceful
 shutdown of services without the relevant system permissions 

Severity: moderate 

Affected versions:

- Apache Accumulo (org.apache.accumulo:accumulo-server-base) 2.1.4 through 2.1.5

Description:

Improper Handling of Insufficient Privileges vulnerability in Apache Accumulo.
An authenticated, but low-privileged user without system permissions may
issue a remote command to gracefully shutdown system components
(compaction-coordinator, compactor, gc, manager, monitor, tserver, or sserver),
leading to a denial of service.

This issue affects Apache Accumulo 2.1.4 and 2.1.5.

Users are recommended to upgrade to version 2.1.6, which fixes the issue.

Credit:

Fabian Fleischer (reporter)

References:

https://github.com/apache/accumulo/issues/6478
https://accumulo.apache.org/release/accumulo-2.1.6/
https://accumulo.apache.org/downloads/
https://accumulo.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-62764

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.