Apache Kafka
3 CVEs affecting Apache Kafka. Latest disclosed: 2026-06-02. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-41115 | Medium | 4.3 | 2026-06-02 | An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates the DESCRIBE… |
CVE-2019-12399 | | 2020-01-14 | When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is cr… | |
CVE-2018-17196 | | 2019-07-11 | In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually craft a Produce request which bypasses transaction/idempotent ACL validation. O… |