Vulnerability in Krakend Krakend-ce

CVE-2026-3206

Improper Resource Shutdown or Release vulnerability in KrakenD, SLU KrakenD-CE (CircuitBreaker modules), KrakenD, SLU KrakenD-EE (CircuitBreaker modules). This issue affects KrakenD-CE: before 2.13.1; KrakenD-EE: before 2.12.5.

EPSS: 0.001 (19.6th percentile) — read the EPSS interpretation.

Affected products

Krakend Krakend-ce — versions 0
Krakend Krakend-ee — versions 0

Weakness classification (CWE)

CWE-404 — Improper Resource Shutdown or Release

References

www.krakend.io/blog/krakend-ee-2.12.5-release-notes/ (vendor-advisory, patch)
www.krakend.io/blog/krakend-2.13.1-release-notes/ (patch, vendor-advisory)