What is GHSA-r4h3-4q3v-2776?

GHSA-r4h3-4q3v-2776 is a security advisory published by GitHub Security Advisories with High severity. In memcached before 1.6.42, password data for SASL password database authentication has a timing...

Which CVE IDs does GHSA-r4h3-4q3v-2776 cover?

GHSA-r4h3-4q3v-2776 covers the following CVE IDs: CVE-2026-47784. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-r4h3-4q3v-2776?

GHSA-r4h3-4q3v-2776 has a CVSS v3 base score of 8.1, published by GitHub Security Advisories.

GHSA-r4h3-4q3v-2776HighCVSS 8.1

In memcached before 1.6.42, password data for SASL password database authentication has a timing...

Vendor

GitHub Security Advisories

Published

May 20, 2026

Last Modified

May 20, 2026

🔗 CVE IDs covered (1)

CVE-2026-47784 →

📋 Description

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-47784
https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed
https://github.com/memcached/memcached/compare/1.6.41...1.6.42
https://github.com/memcached/memcached/wiki/ReleaseNotes1642
https://github.com/advisories/GHSA-r4h3-4q3v-2776