CVE-2026-62764 PUBLISHED

Apache Accumulo: A user can trigger a graceful shutdown of services without the relevant system permissions

Assigner: apache
Reserved: 14.07.2026 Published: 17.07.2026 Updated: 17.07.2026

Improper Handling of Insufficient Privileges vulnerability in Apache Accumulo. An authenticated, but low-privileged user without system permissions may issue a remote command to gracefully shutdown system components (compaction-coordinator, compactor, gc, manager, monitor, tserver, or sserver), leading to a denial of service.

This issue affects Apache Accumulo 2.1.4 and 2.1.5.

Users are recommended to upgrade to version 2.1.6, which fixes the issue.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green
CVSS Score: 5.7

Product Status

Vendor Apache Software Foundation
Product Apache Accumulo
Versions Default: unaffected
  • affected from 2.1.4 to 2.1.5 (incl.)

Credits

  • Fabian Fleischer reporter

References

Problem Types

  • CWE-274 Improper Handling of Insufficient Privileges CWE