1310 matches found
Apache Kafka Client - Arbitrary File Read
Apache Kafka Client contains arbitrary file read and server-side request forgery caused by untrusted configuration of sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url, letting attackers read files or send requests to unintended locations, exploit requires untrusted party...
Kafka UI 0.7.1 Command Injection
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/topic/messages. id: CVE-2023-52251 info: name: Kafka UI 0.7.1 Command Injection author: yhy0,iamnoooob severity: high description: | An...
CVE-2026-54775
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent...
CVE-2026-54775 CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent...
CVE-2026-54775
Summary: CVE-2026-54775 affects CoreWCF.Kafka’s KafkaTransportPump. Before versions 1.8.1 and 1.9.1, a null-value tombstone (Kafka tombstone) on a topic causes the pump to halt, stopping processing of new records and potentially causing persistent endpoint denial of service for topics with produc...
ROOT-APP-MAVEN-CVE-2026-41726 CVE-2026-41726 in io.root.org.springframework.kafka:spring-kafka - Patched by Root
Root has patched CVE-2026-41726 in the io.root.org.springframework.kafka:spring-kafka package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-41731 CVE-2026-41731 in io.root.org.springframework.kafka:spring-kafka - Patched by Root
Root has patched CVE-2026-41731 in the io.root.org.springframework.kafka:spring-kafka package for Root:Maven. Multiple fixed versions available...
CVE-2026-49098
Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...
EUVD-2026-41844
Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...
CVE-2026-49098
Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...
CVE-2026-49098
The CVE describes an injection-type flaw in the Apache Camel Kafka Component where the kafka.OVERRIDE_TOPIC (and related kafka.* headers) can override the endpoint topic at runtime. KafkaProducer.evaluateTopic() returns the header value in preference to the endpoint topic, and headers pass throug...
CVE-2026-49098 Apache Camel: Camel-Kafka: The kafka.OVERRIDE_TOPIC (and other kafka.*) Exchange header constants used non-Camel-prefixed names that bypass the upstream HTTP header filter, allowing an HTTP client to redirect Kafka messages to an arbitrary topic
Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...
PT-2026-55905
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection issue exists in the Apache Camel Kafka component due to improper input validation and...
Important: Red Hat Security Advisory: Streams for Apache Kafka 2.9.4 release and security update
Streams for Apache Kafka 2.9.4 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Malicious code in confluent-kafka-javascript (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e20f9433c5da4c3ee143c33ec2a876e07ff01aa1188d0efa783858bcd0903d3c Analysis of this package version produced no static indicator and no traced behavioral findings. The tarball does not exhibit lifecycle-script...
MAL-2026-6682 Malicious code in confluent-kafka-javascript (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e20f9433c5da4c3ee143c33ec2a876e07ff01aa1188d0efa783858bcd0903d3c Analysis of this package version produced no static indicator and no traced behavioral findings. The tarball does not exhibit lifecycle-script...
ROOT-APP-MAVEN-CVE-2025-27817 CVE-2025-27817 in io.root.org.apache.kafka:kafka-clients - Patched by Root
Root has patched CVE-2025-27817 in the io.root.org.apache.kafka:kafka-clients package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-56128 CVE-2024-56128 in io.root.org.apache.kafka:kafka_2.12 - Patched by Root
Root has patched CVE-2024-56128 in the io.root.org.apache.kafka:kafka2.12 package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-33558 CVE-2026-33558 in io.root.org.apache.kafka:kafka-clients - Patched by Root
Root has patched CVE-2026-33558 in the io.root.org.apache.kafka:kafka-clients package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-27818 CVE-2025-27818 in io.root.org.apache.kafka:kafka_2.12 - Patched by Root
Root has patched CVE-2025-27818 in the io.root.org.apache.kafka:kafka2.12 package for Root:Maven. Multiple fixed versions available...