3 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-33557
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A possible security vulnerability has been identified in Apache Kafka. By default, the broker property sasl.oauthbearer.jwt.validator.class is set to...
GHSA-28JG-CGG7-J4WC Apache Kafka does not validate JWT tokens in its OAUTHBEARER authentication implementation
A security vulnerability has been identified in Apache Kafka. By default, the broker property sasl.oauthbearer.jwt.validator.class is set to org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator. It accepts any JWT token without validating its signature, issuer, or audience. An attacke...
CVE-2026-33557 Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication
A possible security vulnerability has been identified in Apache Kafka. By default, the broker property sasl.oauthbearer.jwt.validator.class is set to org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator. It accepts any JWT token without validating its signature, issuer, or audience. A...