17 matches found
CVE-2026-29190
Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...
CVE-2026-29190
Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...
CVE-2026-29190 Karapace: Path Traversal in Backup Reader
Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...
CVE-2026-29190 Karapace: Path Traversal in Backup Reader
Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...
EUVD-2026-10147
Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...
CVE-2026-29190
Karapace (open-source Kafka REST/Schema Registry) prior to v6.0.0 contains a Path Traversal in the backup reader (backup/backends/v3/backend.py). An attacker could read arbitrary files on the host where Karapace runs by supplying a malicious backup file, with impact depending on the process’s fil...
CVE-2026-29190 Karapace: Path Traversal in Backup Reader
Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader backup/backends/v3/backend.py. If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation...
PT-2026-23862
Name of the Vulnerable Software and Affected Versions: Karapace versions prior to 6.0.0. Description: Karapace is an implementation of Kafka REST and Schema Registry. A path traversal flaw exists in the backup reader backup/backends/v3/backend.py in versions before 6.0.0. An attacker providing a...
Karapace path traversal vulnerability
Karapace is an open-source message queue tool developed by Aiven Open. Versions of Karapace prior to 6.0.0 contained a path traversal vulnerability. This vulnerability stemmed from issues with the backup reader, allowing for arbitrary file access...
CVE-2025-61673
Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is...
CVE-2025-61673
Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is...
CVE-2025-61673 Karapace is vulnerable to Authentication Bypass
Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is...
CVE-2025-61673
Karapace is an open-source Kafka REST and Schema Registry implementation. Affected versions 5.0.0 and 5.0.1 contain an authentication bypass when OAuth 2.0 Bearer Token authentication is configured: if a request arrives without an Authorization header, the token validation logic is skipped entire...
CVE-2025-61673 Karapace is vulnerable to Authentication Bypass
Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is...
CVE-2025-61673 Karapace is vulnerable to Authentication Bypass
Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is...
Karapace access control error vulnerability
Karapace is an open-source message queuing tool from Aiven Open. Karapace versions 5.0.0 and 5.0.1 contain an access control error vulnerability: the token validation logic is skipped when a request is missing the Authorization header, which could lead to unauthenticated users readin...
PT-2025-40602
Name of the Vulnerable Software and Affected Versions: Karapace versions 5.0.0 through 5.0.1. Description: Karapace, an open-source implementation of Kafka REST and Schema Registry, has an issue where authentication checks are bypassed when OAuth 2.0 Bearer Token authentication is enabled...