memcached CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH memcached CVE published 2026-05-20

CVE-2026-47784

CVE-2026-47784 is a timing side-channel issue in memcached’s SASL password database authentication path. The flaw exists in versions before 1.6.42, where sasl_server_userdb_checkpass uses memcmp in a way that can leak information through response timing. The record was published by NVD/MITRE on 2026-05-20 and was still marked "Undergoing Analysis" in the source snapshot. NVD rates the issue HIGH (CVSS 8.1).

HIGH memcached CVE published 2026-05-20

CVE-2026-47783

CVE-2026-47783 affects memcached versions before 1.6.42. In SASL password database authentication, sasl_server_userdb_checkpass exits its loop as soon as it finds a valid username, creating a timing side channel (CWE-208). NVD lists the issue as HIGH severity with CVSS 8.1, and the supplied record shows the item was still undergoing analysis at the time of publication.