Apache Kafka Client - Arbitrary File Read
Apache Kafka Client contains an arbitrary file read and server-side request forgery vulnerability caused by untrusted configuration of sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url, letting attackers read files or send requests to unintended locations; exploitation requires an untrusted party...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: kots, fulcio, crossplane-provider-azure-storage, crossplane-provider-azure-orbital, neuvector-sigstore-interface-fips, knative-eventing-fips, opentelemetry-collector, ksops, crossplane-provider-azure-servicelinker, gitea, terragrunt-fips, nemo,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: kots, opentelemetry-collector, gitea, nemo, flux-image-automation-controller, spire-server, helm, knative-serving-fips, kubescape-server-fips, cloudbeat, cilium, skaffold, kubescape, cilium-cli, k9s-fips, argocd-image-updater-fips, kubernetes, coder,...
GHSA-89GR-R52H-F8RX vulnerabilities
Vulnerabilities for packages: kots, fulcio, crossplane-provider-azure-storage, crossplane-provider-azure-orbital, neuvector-sigstore-interface-fips, knative-eventing-fips, opentelemetry-collector, ksops, crossplane-provider-azure-servicelinker, gitea, terragrunt-fips, nemo,...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: kots, opentelemetry-collector, gitea, terragrunt-fips, nemo, flux-image-automation-controller, spire-server, helm, knative-serving-fips, terragrunt, trufflehog-fips, redpanda-console, gptscript, cloudbeat, cilium, kubescape-server-fips, mapotf, skaffold, step-issuer,...
Kafka UI 0.7.1 Command Injection
An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/topic/messages. id: CVE-2023-52251 info: name: Kafka UI 0.7.1 Command Injection author: yhy0,iamnoooob severity: high description: | An...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Kafka (CVE-2026-35554)
Summary: A vulnerability in Apache Kafka that is used by InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2026-33558 DESCRIPTION: An information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and response...
ROOT-APP-MAVEN-CVE-2026-35554 CVE-2026-35554 in io.root.org.apache.kafka:kafka-clients - Patched by Root
Root has patched CVE-2026-35554 in the io.root.org.apache.kafka:kafka-clients package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-31141 CVE-2024-31141 in io.root.org.apache.kafka:kafka-clients - Patched by Root
Root has patched CVE-2024-31141 in the io.root.org.apache.kafka:kafka-clients package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-33558 CVE-2026-33558 in io.root.org.apache.kafka:kafka-clients - Patched by Root
Root has patched CVE-2026-33558 in the io.root.org.apache.kafka:kafka-clients package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-56128 CVE-2024-56128 in io.root.org.apache.kafka:kafka_2.12 - Patched by Root
Root has patched CVE-2024-56128 in the io.root.org.apache.kafka:kafka_2.12 package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-27818 CVE-2025-27818 in io.root.org.apache.kafka:kafka_2.12 - Patched by Root
Root has patched CVE-2025-27818 in the io.root.org.apache.kafka:kafka_2.12 package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-27817 CVE-2025-27817 in io.root.org.apache.kafka:kafka-clients - Patched by Root
Root has patched CVE-2025-27817 in the io.root.org.apache.kafka:kafka-clients package for Root:Maven. Multiple fixed versions available...
PT-2026-51311
Name of the Vulnerable Software and Affected Versions: MISP, affected versions not specified. Description: An authenticated site administrator can set the Kafka rdkafka config setting to an arbitrary filesystem path. The system parses the referenced INI file and passes its options to rdkafka. By usin...
Astra Linux – Vulnerability in Wireshark
A memory leak in the Kafka protocol dissector in Wireshark versions 3.4.0 and 3.2.0 to 3.2.8 allows for denial of service through packet injection or malicious capture files...
CVE-2026-55226
When deploying only the Topic Operator or only the User Operator via the Kafka custom resource, the Entity Operator's ServiceAccount retains RBAC rights for both operators rather than scoping permissions to the one actually deployed. This allows the ServiceAccount to access KafkaUser custom...
CVE-2026-41731
A flaw was found in the spring-kafka component. A remote attacker, by supplying crafted header values, could exploit a vulnerability in JsonKafkaHeaderMapper and DefaultKafkaHeaderMapper that incorrectly matched type headers against trusted packages. This issue, combined with Jackson's default be...
Apache Druid Kafka Connect - Remote Code Execution
The vulnerability has the potential to enable an authenticated remote attacker to run arbitrary code on the system. This is due to unsafe deserialization that occurs during the configuration of the connector through the Kafka Connect REST API. id: CVE-2023-25194 info: name: Apache Druid Kafka Conne...
Linux Distros Unpatched Vulnerability : CVE-2026-10143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker ...
GHSA-H2QV-FJ59-J46J vulnerabilities
Vulnerabilities for packages: neo4j, celeborn, apache-activemq-artemis, apache-pulsar, apache-hop, apicurio-registry, pinot, pinot-fips, request-9047-keycloak-fips, knative-kafka-broker-fips, hono, keycloak-fips, apache-pulsar-fips, tez, thingsboard, management-api-for-apache-cassandra-5.0,...