Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-20T05:43:46 memcached: memcached: Username enumeration via timing side channel 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CWE-208

A flaw was found in memcached. A remote attacker can exploit a timing side channel during Simple Authentication and Security Layer (SASL) password database authentication. This vulnerability allows an attacker to observe subtle timing differences, which could be used to enumerate valid usernames.

Red Hat Enterprise Linux 10 Affected memcached Red Hat Enterprise Linux 6 Affected memcached Red Hat Enterprise Linux 7 Affected memcached Red Hat Enterprise Linux 8 Affected memcached Red Hat Enterprise Linux 9 Affected memcached https://www.cve.org/CVERecord?id=CVE-2026-47783 https://nvd.nist.gov/vuln/detail/CVE-2026-47783 https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed https://github.com/memcached/memcached/compare/1.6.41...1.6.42 https://github.com/memcached/memcached/wiki/ReleaseNotes1642