
76 matches found

RedhatCVE
added 6 days ago | 6 views

CVE-2026-55226

When deploying only the Topic Operator or only the User Operator via the Kafka custom resource, the Entity Operator's ServiceAccount retains RBAC rights for both operators rather than scoping permissions to the one actually deployed. This allows the ServiceAccount to access KafkaUser custom...

CVSS: 5.4 | AI score: 5.2
Exploits: 0 | References: 3

RedhatCVE
added last week | 9 views

CVE-2026-55225

When the Strimzi cluster operator is deployed with watchAnyNamespace=true or a multi-namespace list, any namespace editor can set Kafka.spec.entityOperator.userOperator.watchedNamespace or topicOperator.watchedNamespace to an arbitrary namespace. The cluster operator then creates a Role granting...

CVSS: 8 | AI score: 5.5
Exploits: 0 | References: 3

Positive Technologies
added 2026/06/17 12:0 a.m. | 9 views

PT-2026-50540

Impact: Having the Topic and User operators watch different namespaces than the one where the Kafka cluster is deployed is a fully documented feature. When the watchedNamespace field is used within the Topic or User operator as part of the Kafka.spec.entityOperator field, the Cluster Operator...

CVSS: 8 | AI score: 5.4
Exploits: 0 | References: 4

Positive Technologies
added 2026/06/17 12:0 a.m. | 11 views

PT-2026-50541

Impact: When only the Topic or only the User operator is deployed as part of the Entity Operator in the Kafka custom resource, the RBAC rights do not follow the principle of least privilege, and the Entity Operator ServiceAccount still has access rights corresponding to both operators. That...

CVSS: 5.4 | AI score: 5.4
Exploits: 0 | References: 4

OSV
added 2026/04/01 10:1 a.m. | 3 views

CLEANSTART-2026-RG24361 Security fixes for CVE-2025-11143, CVE-2026-1605, ghsa-72hv-8253-57qq, ghsa-cphf-4846-3xx9 applied in versions: 0.50.0-r0, 0.51.0-r0

Multiple security vulnerabilities affect the strimzi-kafka-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00367
Exploits: 0 | References: 7

OSV
added 2026/04/01 9:33 a.m. | 10 views

CLEANSTART-2026-GQ14179 Security fixes for CVE-2025-11143, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-67735, CVE-2025-68161, CVE-2026-1002, CVE-2026-1605, ghsa-72hv-8253-57qq applied in versions: 0.46.1-r3, 0.46.1-r4

Multiple security vulnerabilities affect the strimzi-kafka-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS: 8.2 | AI score: 6.8 | EPSS: 0.00979
Exploits: 6 | References: 20

OSV
added 2026/04/01 9:30 a.m. | 1 view

CLEANSTART-2026-IA43044 Security fixes for CVE-2020-8908, CVE-2022-42889, CVE-2023-2976, CVE-2024-25710, CVE-2024-26308, CVE-2024-29371, CVE-2024-29857, CVE-2024-30171, CVE-2024-31573, CVE-2024-47554, CVE-2025-11143, CVE-2025-12383, CVE-2025-48734, CVE-2025-48924, CVE-2025-58057, CVE-2025-67735, CVE-2025-68161, CVE-2025-8916, CVE-2026-1002, CVE-2026-1605, ghsa-72hv-8253-57qq applied in versions: 0.47.0-r2, 0.47.0-r3

Multiple security vulnerabilities affect the strimzi-kafka-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.99931
Exploits: 48 | References: 42

OSV
added 2026/04/01 9:29 a.m. | 2 views

CLEANSTART-2026-DC73689 Security fixes for CVE-2025-11143, CVE-2025-67735, CVE-2025-68161, CVE-2026-1002, CVE-2026-1605, ghsa-72hv-8253-57qq applied in versions: 0.48.0-r1

Multiple security vulnerabilities affect the strimzi-kafka-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS: 7.5 | AI score: 6.1 | EPSS: 0.00743
Exploits: 3 | References: 12

OSV
added 2026/04/01 9:28 a.m. | 2 views

CLEANSTART-2026-GM79879 Security fixes for CVE-2025-11143, CVE-2025-68161, CVE-2026-1002, CVE-2026-1605, ghsa-72hv-8253-57qq applied in versions: 0.49.1-r0

Multiple security vulnerabilities affect the strimzi-kafka-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00743
Exploits: 2 | References: 10

OSV
added 2026/04/01 9:28 a.m. | 1 view

CLEANSTART-2026-DS86833 Security fixes for CVE-2025-11143, CVE-2026-1605, ghsa-72hv-8253-57qq, ghsa-cphf-4846-3xx9 applied in versions: 0.50.0-r0, 0.50.1-r0

Multiple security vulnerabilities affect the strimzi-kafka-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00367
Exploits: 0 | References: 7

Wolfi
added 2026/03/07 7:48 p.m. | 4 views

GHSA-XXH7-FCF3-RJ7F vulnerabilities

Vulnerabilities for packages: druid, confluent-kafka, strimzi-kafka-operator, akhq, trino, kafka, dependency-track, apache-pulsar, neo4j, solr...

AI score: 5.8
Exploits: 0

Wolfi
added 2026/03/07 7:48 p.m. | 3 views

CVE-2026-1605 vulnerabilities

Vulnerabilities for packages: druid, confluent-kafka, strimzi-kafka-operator, akhq, trino, kafka, dependency-track, apache-pulsar, neo4j, solr...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00367
Exploits: 0

Chainguard
added 2026/03/07 7:30 p.m. | 4 views

GHSA-XXH7-FCF3-RJ7F vulnerabilities

Vulnerabilities for packages: dependency-track, trino, kafka-fips, apache-jena-fuseki, apache-hop-fips, confluent-kafka, jenkins, neo4j, kafka, solr, strimzi-kafka-operator, apache-pulsar-fips, dependency-track-apiserver, druid, akhq, apache-pulsar, confluent-kafka-jre-bcfips, apache-hop...

AI score: 5.8
Exploits: 0

Chainguard
added 2026/03/07 7:30 p.m. | 6 views

CVE-2026-1605 vulnerabilities

Vulnerabilities for packages: dependency-track, trino, kafka-fips, apache-jena-fuseki, apache-hop-fips, confluent-kafka, jenkins, neo4j, kafka, solr, strimzi-kafka-operator, apache-pulsar-fips, dependency-track-apiserver, druid, akhq, apache-pulsar, confluent-kafka-jre-bcfips, apache-hop...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00367
Exploits: 0

RedhatCVE
added 2026/02/22 1:28 a.m. | 3 views

CVE-2026-27133

A flaw was found in Strimzi, specifically within the Kafka Connect and Kafka MirrorMaker 2 operands. When a chain of multiple Certificate Authority (CA) certificates is configured for trusted certificates, the system incorrectly trusts all certificates in the chain individually, rather than only th...

CVSS: 5.9 | AI score: 5.6 | EPSS: 0.00184
Exploits: 0 | References: 5

RedhatCVE
added 2026/02/22 1:28 a.m. | 5 views

CVE-2026-27134

A flaw was found in Strimzi. When using a custom Cluster or Clients Certificate Authority (CA) with a multistage CA chain, Strimzi incorrectly configures the trusted certificates for mutual Transport Layer Security (mTLS) authentication. This allows users with certificates signed by any CA in the cha...

CVSS: 8.1 | AI score: 5.5 | EPSS: 0.00285
Exploits: 0 | References: 5

NVD
added 2026/02/21 12:16 a.m. | 8 views

CVE-2026-27134

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple CAs, Strimzi incorrectly configures the trusted...

CVSS: 8.1 | EPSS: 0.00285
Exploits: 0 | References: 2

CNNVD
added 2026/02/21 12:0 a.m. | 9 views

Strimzi security vulnerability

Strimzi is an open-source program developed by Strimzi that allows for the operation of Apache Kafka clusters on Kubernetes with various deployment configurations. There are security vulnerabilities in versions 0.49.0 to 0.50.0 of Strimzi, which stem from improper configuration of the multi-stage...

CVSS: 8.1 | AI score: 5.8 | EPSS: 0.00285
Exploits: 0 | References: 2

NVD
added 2026/02/20 11:16 p.m. | 8 views

CVE-2026-27133

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 to before 0.50.1, when a chain consisting of multiple CA (Certificate Authority) certificates is used in the trusted certificates configuration of a Kafka Connect opera...

CVSS: 5.9 | EPSS: 0.00184
Exploits: 0 | References: 2

Cvelist
added 2026/02/20 11:5 p.m. | 26 views

CVE-2026-27134 Strimzi: All CAs from a custom CA chain consisting of multiple CAs are trusted for mTLS user authentication

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple CAs, Strimzi incorrectly configures the trusted...

CVSS: 8.1 | EPSS: 0.00285
Exploits: 0 | References: 2