Memcached SASL Flaw Exposes Usernames to Enumeration Attacks
ID: 0aa78e25-7d60-508e-9527-35963d46a1e6
STIX ID: report--0aa78e25-7d60-508e-9527-35963d46a1e6
Feed Name: GBHackers
A timing side-channel vulnerability in Memcached's SASL username validation (CVE-2026-47783) affects versions prior to 1.6.42 and can be abused to remotely enumerate valid usernames by measuring authentication response times. The issue is patched in Memcached 1.6.42, which normalizes processing time during username validation. Administrators are strongly advised to upgrade, because enumerated usernames can be combined with brute-force or credential-stuffing attacks to gain unauthorized access, particularly when Memcached instances are exposed to untrusted networks.
