Threat Advisory

Memcached Timing Side-Channel Flaws Enable Enumeration

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in Memcached software versions prior to 1.6.42. They consist of two critical timing side-channel flaws in the authentication subsystem, one in the username validation logic and one in the password verification phase. By measuring response times, an attacker can enumerate valid usernames and guess passwords byte by byte from the processing delays. The business risk is significant, since the flaws can be exploited to gain unauthorized access to systems that rely on Memcached for caching infrastructure. Administrators must therefore take immediate action to secure their systems and prevent potential data breaches and system crashes.

CVE-2026-47783 with a CVSS score of 8.1 – The vulnerability affects username validation logic in software versions before 1.6.42, causing a timing side channel in username data for SASL password database authentication. An attacker can analyze response times to enumerate valid usernames on the system, exploiting this flaw to gain unauthorized access.

CVE-2026-47784 with a CVSS score of 8.1 – The vulnerability targets the password verification phase, introducing a timing side channel in password data due to standard memcmp operations. This allows malicious actors to systematically guess passwords byte by byte based on processing delays, ultimately gaining unauthorized access to systems.
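Both flaws described above share one root cause: the time a server takes to reject a login depends on secret data, either on whether the username exists or on how many leading password bytes were correct. The following C example is added for illustration and is not Memcached's own code; the credential table, the dummy password and all function names are constructed assumptions. It places the early-exit pattern that produces such a side channel next to a check in which the user lookup and the password comparison both take the same amount of work regardless of the input.

```c
/* Added example (not memcached's code): an early-exit credential check next to
 * a constant-time one. The credential store and all names are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed credential store, plaintext purely for illustration;
 * a real store would hold password hashes. */
struct cred { const char *user; const char *pass; };
static const struct cred CREDS[] = {
    { "cacheadmin", "s3cret-example"  },
    { "reporter",   "another-example" },
};
static const size_t NCREDS = sizeof CREDS / sizeof CREDS[0];

/* Dummy entry used when the username is unknown, so that path does the same
 * work as the known-user path. */
static const char DUMMY_PASS[] = "dummy-not-a-real-password";

/* Vulnerable pattern: the loop returns at the first matching user (unknown
 * users are rejected without any password work, the enumeration shape), and
 * memcmp stops at the first differing byte, so rejection time grows with the
 * length of the correct password prefix. Returns 1 on success, 0 otherwise. */
int check_password_early_exit(const char *user, const char *pass)
{
    for (size_t i = 0; i < NCREDS; i++) {
        if (strcmp(CREDS[i].user, user) == 0) {
            size_t n = strlen(CREDS[i].pass);
            return strlen(pass) == n && memcmp(CREDS[i].pass, pass, n) == 0;
        }
    }
    return 0;
}

#define PW_MAX 64  /* fixed comparison width for usernames and passwords */

/* Copy s into a zero-filled fixed-width buffer. Returns 0xFF if it fit and
 * 0x00 if it was too long; the only branch here depends on the length of the
 * caller's own input, which the caller already knows. */
static uint8_t pad(uint8_t out[PW_MAX], const char *s)
{
    size_t n = strlen(s);
    memset(out, 0, PW_MAX);
    if (n >= PW_MAX) return 0x00;
    memcpy(out, s, n);
    return 0xFF;
}

/* Constant-time equality over n bytes: every byte is visited and the result is
 * folded into a 0xFF (equal) or 0x00 (different) mask without a branch on the
 * data being compared. */
static uint8_t ct_eq_mask(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    uint32_t d = diff;
    uint32_t nonzero = (d | (0u - d)) >> 31;   /* 1 iff diff != 0 */
    return (uint8_t)(nonzero - 1);             /* 0 -> 0xFF, 1 -> 0x00 */
}

/* Hardened check: every row is visited, the expected password is selected by
 * masking rather than by branching, an unknown user is compared against the
 * dummy entry, and the final verdict is itself a mask. Neither the existence
 * of the user nor the number of correct password bytes changes the work done. */
int check_password_constant_time(const char *user, const char *pass)
{
    uint8_t u_in[PW_MAX], p_in[PW_MAX], u_db[PW_MAX], p_db[PW_MAX], expected[PW_MAX];
    uint8_t fits = pad(u_in, user) & pad(p_in, pass);
    uint8_t known = 0x00;

    pad(expected, DUMMY_PASS);                 /* default when no row matches */
    for (size_t i = 0; i < NCREDS; i++) {
        pad(u_db, CREDS[i].user);
        pad(p_db, CREDS[i].pass);
        uint8_t m = ct_eq_mask(u_db, u_in, PW_MAX);
        known |= m;
        for (size_t j = 0; j < PW_MAX; j++)    /* select row i's password iff m == 0xFF */
            expected[j] = (uint8_t)((expected[j] & (uint8_t)~m) | (p_db[j] & m));
    }
    uint8_t pass_ok = ct_eq_mask(expected, p_in, PW_MAX);
    return (fits & known & pass_ok) == 0xFF;
}

int main(void)
{
    printf("valid login:   %d\n", check_password_constant_time("cacheadmin", "s3cret-example"));
    printf("wrong pass:    %d\n", check_password_constant_time("cacheadmin", "s3cret-examplE"));
    printf("unknown user:  %d\n", check_password_constant_time("nobody", "dummy-not-a-real-password"));
    return 0;
}
```

The unknown-user case is the one to watch when applying this pattern: comparing against a dummy secret equalizes the work, but the result must still be forced to failure (here via the `known` mask), or a guess equal to the dummy would be accepted. The patched version the advisory recommends is the actual fix; this block only shows the shape of the defect and of its remedy.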

The overall risk and urgency of this vulnerability are critical, as it can be exploited to gain unauthorized access to systems that utilize Memcached for caching infrastructure. If exploited, the business consequences can be severe, including data breaches, system crashes, and potential financial losses.

RECOMMENDATION:

We recommend updating Memcached to version 1.6.42.

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/memcached-sasl-vulnerability-cve-2026-47783/
