External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the processing of externally-supplied credential configuration files. An attacker can access arbitrary files or perform server-side request forgery by providing a crafted configuration with...

CVE-2026-23529 Arbitrary File Read in Google BigQuery Sink connector

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...

CVE-2026-23529

Summary: CVE-2026-23529 affects the Kafka Connect BigQuery Connector (Google BigQuery Sink) before version 2.11.0. The root cause is failure to validate externally-sourced credential configurations prior to passing them to Google authentication libraries during connector setup. An attacker can su...

CVE-2026-23529 Arbitrary File Read in Google BigQuery Sink connector

Kafka Connect BigQuery Connector is an implementation of a sink connector from Apache Kafka to Google BigQuery. Prior to 2.11.0, there is an arbitrary file read in Google BigQuery Sink connector. Aiven's Google BigQuery Kafka Connect Sink connector requires Google Cloud credential configurations...

PT-2026-3269

Name of the Vulnerable Software and Affected Versions Kafka Connect BigQuery Connector versions prior to 2.11.0 Description The Kafka Connect BigQuery Connector, a sink connector from Apache Kafka to Google BigQuery, contains a flaw that could allow arbitrary file reads. This occurs because the...