VYPR

Karapace

by Aiven Open

CVEs (2)

  • CVE-2025-61673 | High | Oct 3, 2025
    risk 0.56 | cvss 8.6 | epss 0.00

    Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token…

  • CVE-2026-29190 | Mar 7, 2026
    risk 0.00 | cvss | epss 0.00

    Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader (backup/backends/v3/backend.py). If a malicious backup file is provided to Karapace, an attacker may exploit…