CVE-2026-33558
An information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component writes the entire request and response contents to the logs at the DEBUG log level. By default, the log level is set to INFO. If the DEBUG level is enabled, the sensitive information wi...
EUVD-2026-33961
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...
CVE-2026-41115
An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE (69) API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that is documented in the official Kafka documentation and in KIP-848. This...
PT-2026-45725
Name of the Vulnerable Software and Affected Versions: Apache Kafka (affected versions not specified). Description: An improper authorization issue exists in the 'CONSUMER GROUP DESCRIBE' (69) API. The implementation validates the DESCRIBE operation on the GROUP resource, which contradicts the READ...
Apache Kafka security vulnerability
Apache Kafka is an open-source distributed streaming platform developed by the Apache Foundation in the United States. This platform enables the acquisition of real-time data, allowing for the creation of applications that can respond in real time to changes in data streams. There are security...
A Bootiful Podcast: Spring Messaging Legend Soby Chacko
Hi, Spring fans! In this installment, we talk with the legendary Soby Chacko about Apache Kafka, Spring AI, and much more!...
Security Bulletin: Due to use of Apache Kafka, IBM Operations Analytics - Log Analysis is affected by remote code execution and denial of service.
Summary: Apache Kafka in Logstash is used by IBM Operations Analytics - Log Analysis for high-throughput, fault-tolerant, and scalable data processing. CVE-2025-27819, CVE-2025-27818. Vulnerability Details: CVEID: CVE-2025-27819. DESCRIPTION: In CVE-2023-25194, we announced the RCE/Denial of service...
apache-kafka: Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration
A flaw was found in apache-kafka. This issue occurs due to improper handling of configuration data when a Kafka client uses SASL JAAS, allowing an attacker with AlterConfigs access to a cluster resource or Kafka Connect worker to inject arbitrary configuration. This injection can lead to the...
Security Bulletin: IBM Operational Decision Manager for Sept 2025 - Multiple CVEs addressed
Summary: IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third-party and open source components used in the product for various functions. See the full list below. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2025-27818...
PT-2025-40611
CVE-2025-61596 - Apache Kafka Deserialization RCE. CVE ID: CVE-2025-61596. Published: Oct. 1, 2025, 5:15 p.m. Description: Rejected reason: This is a fork and is not in the Rust registry. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected...
kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption
A flaw was found in Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM), which did not fully adhere to the requirements of RFC 5802. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the...
The vulnerability of the Apache Kafka message dispatcher, related to deserialization mechanism flaws, allows attackers to trigger a service failure.
The vulnerability of the Apache Kafka message broker is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow a malicious actor to cause a service failure...
The vulnerability of the Apache Kafka message dispatcher, related to deserialization mechanism flaws, allows attackers to execute remote code.
The vulnerability of the Apache Kafka message dispatcher is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute remote code...
The vulnerability of the Automatic ConfigProvider component of the Apache Kafka messaging broker allows a hacker to disclose protected information.
The vulnerability of the Automatic ConfigProvider component in the Apache Kafka messaging broker is related to insufficient protection of operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose sensitive information that should be protected...
The vulnerability in kafka-ui, the web interface of the Apache Kafka message dispatcher, allows a hacker to execute arbitrary code.
The vulnerability in kafka-ui, the web interface of the Apache Kafka message dispatcher, is related to deserialization mechanism flaws. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Apache Kafka message dispatcher allows a perpetrator to execute a brute-force attack.
The vulnerability of the Apache Kafka message broker is related to the exposure of information through observable discrepancies. Exploiting this vulnerability allows a malicious actor to execute a brute-force attack...
PT-2023-25651
Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2 Description: The issue is related to missing authentication in the internal data streaming system, allowing remote unauthenticated users to read potentially sensitive information and deny service to users...
VulnCheck KEV: CVE-2021-38153
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...
The vulnerability of the Apache Kafka message dispatcher, related to deficiencies in access control, allows attackers to bypass security restrictions.
The vulnerability of the Apache Kafka message dispatcher is related to deficiencies in access control when using an Access Control List. Exploiting this vulnerability allows a malicious actor to bypass security restrictions through a specially crafted request...