Apache Kafka

15 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-33558
>= 0.11.0.0 and < 3.9.2
An information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests a
5.3 MEDIUM
CVE-2026-33557
>= 4.1.0 and < 4.1.2
A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.vali
9.1 CRITICAL
CVE-2025-27819
>= 2.0.0 and <= 3.3.2
In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API.
7.5 HIGH
CVE-2025-27818
>= 2.3.0 and < 3.9.1
A possible security vulnerability has been identified in Apache Kafka. This requires access to an alterConfig to the cluster resou
8.8 HIGH
CVE-2025-27817
>= 3.1.0 and < 3.9.1
A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept conf
7.5 HIGH
CVE-2024-56128
>= 0.10.2.0 and < 3.7.2
Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implem
5.3 MEDIUM
CVE-2024-31141
>= 2.3.0 and <= 3.5.2
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache
6.5 MEDIUM
CVE-2024-27309
>= 3.5.0 and <= 3.6.1
While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforc
7.4 HIGH
CVE-2022-34917
>= 2.8.0 and < 2.8.2
A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malici
7.5 HIGH
CVE-2021-38153
>= 2.0.0 and < 2.6.3
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make
5.9 MEDIUM
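The entry above describes the weakness but not why it matters. The following is an added illustration, not Kafka project code: Arrays.equals stops at the first mismatching byte, so the time it takes to reject a wrong password or key grows with the length of the correct prefix, and a remote attacker can recover the secret byte by byte from response timing. The class name, the sample secret and the guesses are all constructed for this example; the "bytes examined" counter stands in for the wall-clock timing an attacker would actually measure.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

/**
 * Added example (not Apache Kafka code): early-exit vs constant-time
 * comparison of a secret such as a SASL password or HMAC key.
 */
public class SecretCompare {

    // Vulnerable pattern: Arrays.equals returns as soon as it finds the first
    // differing byte, so the elapsed time depends on the secret's contents.
    static boolean checkVulnerable(byte[] expected, byte[] supplied) {
        return Arrays.equals(expected, supplied);
    }

    // Hardened pattern: MessageDigest.isEqual examines every byte of the input
    // before answering, so the result is the same but the timing no longer
    // reveals where the first mismatch occurred.
    static boolean checkConstantTime(byte[] expected, byte[] supplied) {
        return MessageDigest.isEqual(expected, supplied);
    }

    // Models what an attacker observes: how many byte positions an early-exit
    // comparison inspects before returning. More work means a longer response.
    static int bytesExaminedByEarlyExit(byte[] expected, byte[] supplied) {
        int n = Math.min(expected.length, supplied.length);
        for (int i = 0; i < n; i++) {
            if (expected[i] != supplied[i]) {
                return i + 1;
            }
        }
        return n;
    }

    public static void main(String[] args) {
        // Constructed sample secret and two wrong guesses.
        byte[] secret = "correct-horse-battery".getBytes(StandardCharsets.UTF_8);
        byte[] wrongFirstByte = "zorrect-horse-battery".getBytes(StandardCharsets.UTF_8);
        byte[] wrongLastByte  = "correct-horse-batterz".getBytes(StandardCharsets.UTF_8);

        // Early exit: 1 byte of work for the first guess, 21 for the second.
        // That difference is the signal a timing attack exploits.
        System.out.println("early-exit work, wrong at byte 0:    "
                + bytesExaminedByEarlyExit(secret, wrongFirstByte));
        System.out.println("early-exit work, wrong at last byte: "
                + bytesExaminedByEarlyExit(secret, wrongLastByte));

        // Both comparisons reject the wrong guess; only the hardened one does so
        // without leaking how close the guess was.
        System.out.println("Arrays.equals         -> " + checkVulnerable(secret, wrongLastByte));
        System.out.println("MessageDigest.isEqual -> " + checkConstantTime(secret, wrongLastByte));
        System.out.println("MessageDigest.isEqual (correct secret) -> "
                + checkConstantTime(secret, "correct-horse-battery".getBytes(StandardCharsets.UTF_8)));
    }
}
```

When auditing for this pattern, grep for Arrays.equals, String.equals and hand-rolled loops that compare anything secret (passwords, tokens, MACs, session keys) and swap in MessageDigest.isEqual or an equivalent constant-time routine. Note that constant-time comparison still reveals whether the two lengths differ; where the secret's length is itself sensitive, compare fixed-length hashes or MACs of the values instead.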
CVE-2020-27218
Kafka range not stated; inherited from the bundled Eclipse Jetty dependency (affected Jetty versions are given in the description)
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP
4.8 MEDIUM
CVE-2019-12399
>= 2.0.0 and <= 2.3.0 (the Connect worker releases named in the description)
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config pro
7.5 HIGH
CVE-2018-17196
>= 0.11.0.0 and <= 2.1.0
In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction
8.8 HIGH
CVE-2018-1288
>= 0.9.0.0 and <= 0.9.0.1; >= 0.10.0.0 and <= 0.10.2.1; >= 0.11.0.0 and <= 0.11.0.2; 1.0.0
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform a
5.4 MEDIUM
CVE-2017-12610
>= 0.10.0.0 and <= 0.10.2.1; >= 0.11.0.0 and <= 0.11.0.1
In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually cr
6.8 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin