What is GHSA-qjpx-j6j4-8xpr?

GHSA-qjpx-j6j4-8xpr is a security advisory published by GitHub Security Advisories with High severity. In memcached before 1.6.42, username data for SASL password database authentication has a timing...

Which CVE IDs does GHSA-qjpx-j6j4-8xpr cover?

GHSA-qjpx-j6j4-8xpr covers the following CVE IDs: CVE-2026-47783. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-qjpx-j6j4-8xpr?

GHSA-qjpx-j6j4-8xpr has a CVSS v3 base score of 8.1, published by GitHub Security Advisories.

GHSA-qjpx-j6j4-8xprHighCVSS 8.1

In memcached before 1.6.42, username data for SASL password database authentication has a timing...

Vendor

GitHub Security Advisories

Published

May 20, 2026

Last Modified

May 20, 2026

🔗 CVE IDs covered (1)

CVE-2026-47783 →

📋 Description

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-47783
https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed
https://github.com/memcached/memcached/compare/1.6.41...1.6.42
https://github.com/memcached/memcached/wiki/ReleaseNotes1642
https://github.com/advisories/GHSA-qjpx-j6j4-8xpr