Vulnerability in Apache Software Foundation Kafka
CVE-2026-33557
A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It accepts any JWT…
EPSS: 0.002 (45.1st percentile).
Affected products
- Apache Software Foundation Kafka — version 4.1.0
Weakness classification (CWE)
References
- kafka.apache.org/cve-list (vendor-advisory)
- lists.apache.org/thread/v57o00hm6yszdpdnvqx2ss4561yh953h (mailing-list)