A high-severity vulnerability has been disclosed in Memcached, the widely deployed open-source distributed memory caching system, allowing unauthenticated remote attackers to enumerate valid usernames in SASL-protected deployments. Tracked as CVE-2026-47783 and classified under CWE-208: Observable Timing Discrepancy, the flaw affects all Memcached versions prior to 1.6.42, which was released on May 18, 2026. The vulnerability exists within the sasl_server_userdb_checkpass function […]
The post Critical Memcached SASL Flaw Lets Attackers Infer Usernames appeared first on Cyber Security News.