2 matches found
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JsonKafkaHeaderMapper or the deprecated DefaultKafkaHeaderMapper functions. An attacker can achieve arbitrary code execution by supplying crafted header values that trigger deserialization of...
CVE-2026-33558
CVE-2026-33558 affects Apache Kafka: the NetworkClient logs sensitive information at DEBUG level, exposing full requests/responses for certain APIs (AlterConfigsRequest, AlterUserScramCredentialsRequest, ExpireDelegationTokenRequest, IncrementalAlterConfigsRequest, RenewDelegationTokenRequest, Sa...