CVE-2026-33557
A possible security vulnerability has been identified in Apache Kafka. By default, the broker property sasl.oauthbearer.jwt.validator.class is set to org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator. It accepts any JWT token without validating its signature, issuer, or audience. A...
CVE-2026-33557
CVE-2026-33557 affects Apache Kafka where the broker’s default oauthbearer JWT validator (DefaultJwtValidator) accepts any JWT without validating signature, issuer, or audience. An attacker can generate a token from any issuer with a chosen preferred_username, and the broker will accept it. Techn...