A race condition in the account lockout mechanism in Delphix Continous Data allowed the lockout threshold to be bypassed through concurrent authentication requests. Parallel login attempts were processed before the failed-login counter and lockout status were updated, defeating brute-force protections and enabling continued password guessing against a targeted account.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

Upgrade to Delphix Continuous Data version 2026.4.0.0


Workaround

No workaround given by the vendor.

History

Thu, 16 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 16 Jul 2026 14:45:00 +0000

Type Values Removed Values Added
Description A race condition in the account lockout mechanism in Delphix Continous Data allowed the lockout threshold to be bypassed through concurrent authentication requests. Parallel login attempts were processed before the failed-login counter and lockout status were updated, defeating brute-force protections and enabling continued password guessing against a targeted account.
Title Improper Restriction of Excessive Authentication Attempts in Delphix Continuous Data
Weaknesses CWE-307
References
Metrics cvssV4_0

{'score': 8.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N'}


Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Perforce

Published:

Updated: 2026-07-16T14:54:33.736Z

Reserved: 2026-06-30T14:40:32.730Z

Link: CVE-2026-14254

cve-icon Vulnrichment

Updated: 2026-07-16T14:54:29.903Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses