VYPR

Kafka

by Apache

CVEs (5)

  • CVE-2026-33557 Cri Apr 20, 2026
    risk 0.52 cvss 9.1 epss 0.01

    A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It accepts any JWT token without validating…

  • CVE-2026-33558 Med Apr 20, 2026
    risk 0.27 cvss 5.3 epss 0.01

    An information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the…

  • CVE-2026-41115 Med Jun 2, 2026
    risk 0.21 cvss 4.3 epss 0.00

    An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that is documented in the official Kafka documentation and…

  • CVE-2019-12399 Jan 14, 2020
    risk 0.00 cvss epss 0.04

    When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration…

  • CVE-2018-17196 Jul 11, 2019
    risk 0.00 cvss epss 0.05

    In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. Only authenticated clients with Write permission on the respective topics are able to exploit this vulnerability. Users…