VYPR

Strimzi Kafka Operator

by Strimzi

Source repositories

CVEs (4)

  • CVE-2024-36543CriJun 17, 2024
    risk 0.64cvss 9.8epss 0.01

    Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists),…

  • CVE-2026-27134Feb 20, 2026
    risk 0.00cvss epss 0.00

    Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple CAs, Strimzi incorrectly…

  • CVE-2026-27133Feb 20, 2026
    risk 0.00cvss epss 0.00

    Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 to before 0.50.1, when a chain consisting of multiple CA (Certificate Authority) certificates is used in the trusted certificates configuration of a…

  • CVE-2025-66623Dec 5, 2025
    risk 0.00cvss epss 0.00

    Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 and prior to 0.49.1, in some situations, Strimzi creates an incorrect Kubernetes Role which grants the Apache Kafka Connect and Apache Kafka…