VYPR
Vendor

Strimzi

Products: 2
CVEs: 6
Across products: 7
Status: Private

Recent CVEs: 6

  • CVE-2024-36543 | Cri | Jun 17, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists),…

  • CVE-2026-55225 | imp | Jun 17, 2026
    risk 0.45 | cvss 8.0 | epss

    strimzi-cluster-operator: Cross-namespace privilege escalation via Kafka.spec.entityOperator.watchedNamespace in Strimzi

  • CVE-2026-55226 | Jun 18, 2026
    risk 0.00 | cvss | epss

    Impact: When only the Topic or only the User operators are deployed as part of the Entity Operator in the `Kafka` custom resource, the RBAC rights are not following the principle of least-privilege and the Entity Operator ServiceAccount still has access rights corresponding…

  • CVE-2026-27134 | Feb 20, 2026
    risk 0.00 | cvss | epss 0.00

    Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster or Clients CA with a multistage CA chain consisting of multiple CAs, Strimzi incorrectly…

  • CVE-2026-27133 | Feb 20, 2026
    risk 0.00 | cvss | epss 0.00

    Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 to before 0.50.1, when a chain consisting of multiple CA (Certificate Authority) certificates is used in the trusted certificates configuration of a…

  • CVE-2025-66623 | Dec 5, 2025
    risk 0.00 | cvss | epss 0.00

    Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 and prior to 0.49.1, in some situations, Strimzi creates an incorrect Kubernetes Role which grants the Apache Kafka Connect and Apache Kafka…