Vulnerability in Apache Software Foundation Kafka
CVE-2026-33558
An information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component writes the entire contents of requests and responses to the logs at the DEBUG log level. By default, the log level is set to INFO…
EPSS: 0.002 (37.8th percentile)
Affected products
- Apache Software Foundation Kafka — versions 0.11.0, 4.0.0
- Apache Software Foundation Kafka Clients — versions 0.11.0, 4.0.0
Weakness classification (CWE)
References
- kafka.apache.org/cve-list (vendor-advisory)
- lists.apache.org/thread/pz5g4ky3h0k91tfd14p0dzqjp80960kl (mailing-list)