CVE-2026-27133 Strimzi All CAs from CA chain will be trusted in Kafka Connect and Kafka MirrorMaker 2 target clusters

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 to before 0.50.1, when a chain consisting of multiple CA Certificate Authority certificates is used in the trusted certificates configuration of a Kafka Connect opera...

CVE-2026-27133

Summary: Strimzi Kafka Connect and Kafka MirrorMaker 2 operands on Kubernetes/OpenShift trust every CA in a multi-CA chain when configured as trusted certificates (versions 0.47.0–0.50.0). This allows certificates signed by any CA in the chain to be accepted when connecting to brokers, potentiall...

GHSA-XRHH-HX36-485Q Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands

Impact In some situations, Strimzi creates an incorrect Kubernetes Role which grants the Apache Kafka Connect and Apache Kafka MirrorMaker 2 operands the GET access to all Kubernetes Secrets that exist in the given Kubernetes namespace. The exact scenario when this happens is when: Apache Kafka...

CVE-2025-66623

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 and prior to 0.49.1, in some situations, Strimzi creates an incorrect Kubernetes Role which grants the Apache Kafka Connect and Apache Kafka MirrorMaker 2 operands th...

PT-2025-49308

Name of the Vulnerable Software and Affected Versions Strimzi versions 0.47.0 through 0.49.0 Description Strimzi allows running an Apache Kafka cluster on Kubernetes or OpenShift. Versions from 0.47.0 up to 0.49.0 incorrectly create a Kubernetes Role. This role grants Apache Kafka Connect and...