Critical Memcached SASL Flaw Lets Attackers Infer Usernames
ID: 9528bf7c-a83a-5a35-aebc-2ea31a6b6827
STIX ID: report--9528bf7c-a83a-5a35-aebc-2ea31a6b6827
Feed Name: Cyber Press
A high-severity timing vulnerability in Memcached's SASL authentication (CVE-2026-47783) enables unauthenticated remote username enumeration, and a companion CVE (CVE-2026-47784) can leak password data. Both affect Memcached versions prior to 1.6.42 and carry a CVSS score of 8.1. The 1.6.42 release fixes these flaws plus additional crashes and race conditions. Recommended mitigations include an immediate upgrade to 1.6.42, restricting access to port 11211, auditing SASL configurations, and monitoring authentication logs.
