VYPR

Strimzi

by Strimzi

Source repositories

CVEs (3)

  • CVE-2026-55225impJun 17, 2026
    risk 0.45cvss 8.0epss

    strimzi-cluster-operator: Cross-namespace privilege escalation via Kafka.spec.entityOperator.watchedNamespace in Strimzi

  • CVE-2026-55226Jun 18, 2026
    risk 0.00cvss epss

    ### Impact When only the Topic or only the User operators are deployed as part of the Entity Operator in the `Kafka` custom resource, the RBAC rights are not following the principle of least-privilege and the Entity Operator ServiceAccount still has access rights corresponding…

  • CVE-2026-27133Feb 20, 2026
    risk 0.00cvss epss 0.00

    Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 to before 0.50.1, when a chain consisting of multiple CA (Certificate Authority) certificates is used in the trusted certificates configuration of a…