Strimzi
by Strimzi
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-55225 | imp | 0.45 | 8.0 | — | Jun 17, 2026 | strimzi-cluster-operator: Cross-namespace privilege escalation via Kafka.spec.entityOperator.watchedNamespace in Strimzi | ||
| CVE-2026-55226 | 0.00 | — | — | Jun 18, 2026 | ### Impact When only the Topic or only the User operators are deployed as part of the Entity Operator in the `Kafka` custom resource, the RBAC rights are not following the principle of least-privilege and the Entity Operator ServiceAccount still has access rights corresponding… | |||
| CVE-2026-27133 | 0.00 | — | 0.00 | Feb 20, 2026 | Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 to before 0.50.1, when a chain consisting of multiple CA (Certificate Authority) certificates is used in the trusted certificates configuration of a… |
- risk 0.45cvss 8.0epss —
strimzi-cluster-operator: Cross-namespace privilege escalation via Kafka.spec.entityOperator.watchedNamespace in Strimzi
- CVE-2026-55226Jun 18, 2026risk 0.00cvss —epss —
### Impact When only the Topic or only the User operators are deployed as part of the Entity Operator in the `Kafka` custom resource, the RBAC rights are not following the principle of least-privilege and the Entity Operator ServiceAccount still has access rights corresponding…
- CVE-2026-27133Feb 20, 2026risk 0.00cvss —epss 0.00
Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 to before 0.50.1, when a chain consisting of multiple CA (Certificate Authority) certificates is used in the trusted certificates configuration of a…