Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-04-27T23:31:40 Spring Boot: Cassandra: Spring Boot: Security bypass in Cassandra SSL connections 6.4 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H CWE-295

A flaw was found in Spring Boot's Cassandra auto-configuration. This vulnerability allows an adjacent attacker to bypass hostname verification during SSL (Secure Sockets Layer) connection establishment to Cassandra. This could enable a man-in-the-middle attack, potentially leading to unauthorized information disclosure, data tampering, or denial of service.

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Red Hat AMQ Broker 7 Fix deferred spring-boot Red Hat AMQ Clients Fix deferred spring-boot Red Hat build of Apache Camel for Spring Boot 4 Fix deferred spring-boot Red Hat build of Apache Camel - HawtIO 4 Fix deferred spring-boot Red Hat build of OptaPlanner 8 Fix deferred spring-boot Red Hat Data Grid 8 Fix deferred spring-boot Red Hat Enterprise Linux 8 Fix deferred log4j:2/log4j Red Hat Enterprise Linux 9 Fix deferred log4j Red Hat Fuse 7 Fix deferred spring-boot Red Hat JBoss Enterprise Application Platform 7 Fix deferred spring-boot Red Hat JBoss Enterprise Application Platform 8 Fix deferred spring-boot Red Hat JBoss Enterprise Application Platform Expansion Pack Fix deferred spring-boot Red Hat OpenShift Dev Spaces Fix deferred devspaces/openvsx-rhel9 Red Hat OpenShift Dev Spaces Fix deferred devspaces/pluginregistry-rhel9 Red Hat Process Automation 7 Fix deferred spring-boot Red Hat Single Sign-On 7 Fix deferred spring-boot https://www.cve.org/CVERecord?id=CVE-2026-40974 https://nvd.nist.gov/vuln/detail/CVE-2026-40974 https://spring.io/security/cve-2026-40974