Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
5DescriptionGitHub Advisory
kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the kusto.tables.topics.mapping configuration. The db, table, mapping, and format fields of each mapping entry were interpolated directly into KQL management/query commands via String.formatted(...) (e.g., FETCH_TABLE_COMMAND.formatted(table) → "<table> | count", FETCH_TABLE_MAPPING_COMMAND.formatted(table, format, mapping) → ".show table <table> ingestion <format> mapping '<mapping>'"). An actor able to influence the connector configuration (for example, someone with permissions to submit or edit Kafka Connect connector configs) could embed KQL metacharacters (;, |, ') to execute arbitrary management commands in the context of the connector's service principal - enabling schema enumeration/modification, ingestion-mapping tampering, or changes to streaming/retention policies on the target Azure Data Explorer database. This is a tampering vulnerability. Exploitation requires privileged access to the connector configuration; no end-user interaction or Kafka record payload is involved. This vulnerability is fixed in 5.2.3.
AnalysisAI
KQL injection in kafka-sink-azure-kusto Kafka Connect plugin prior to 5.2.3 allows authenticated administrators with Kafka Connect configuration permissions to inject arbitrary KQL management commands by embedding metacharacters in the kusto.tables.topics.mapping configuration fields (db, table, mapping, format). An attacker with connector configuration privileges could enumerate or modify schemas, tamper with ingestion mappings, or alter streaming and retention policies on the target Azure Data Explorer database using the connector's service principal credentials. The vulnerability is fixed in version 5.2.3 and has not been observed in active exploitation at the time of this analysis.
Technical ContextAI
The kafka-sink-azure-kusto plugin is a Kafka Connect sink that bridges Apache Kafka topics to Azure Data Explorer (Kusto) for data ingestion. The vulnerability stems from unsafe string interpolation of user-supplied configuration values into KQL (Kusto Query Language) commands. Specifically, the plugin used Java's String.formatted() method to directly embed the db, table, mapping, and format configuration parameters into KQL management and query commands without validation-for example, FETCH_TABLE_COMMAND.formatted(table) produces queries like 'table | count' where the table value is unvalidated. KQL, like SQL, uses metacharacters (;, |, ') as command separators and string delimiters, allowing an attacker to break out of the intended command context and inject arbitrary KQL statements. The root cause is classified as CWE-943 (Improper Neutralization of Special Elements in Data Query Logic), a variant of injection attack. The fix implements input validation using regex patterns that whitelist safe characters (alphanumeric, underscores, hyphens, dots for identifiers; alphanumeric only for format names) and reject any KQL metacharacters before interpolation.
RemediationAI
The primary remediation is to upgrade kafka-sink-azure-kusto to version 5.2.3 or later immediately. Microsoft released the patched version in a GitHub release (https://github.com/Azure/kafka-sink-azure-kusto/releases/tag/v5.2.3) with input validation that rejects KQL metacharacters. The fix implements regex-based validation on all configuration fields: database and table names must match ^[a-zA-Z0-9_.\-]+$ (alphanumeric, underscores, hyphens, dots), format names must match ^[a-zA-Z0-9]+$ (alphanumeric only), and mapping names follow the same pattern as identifiers. After patching, existing connector configurations with valid names will continue to function without modification. As a temporary compensating control pending upgrade, organizations should implement strict role-based access control (RBAC) on Kafka Connect configuration submission, limiting who can create or edit connector configurations to a small group of trusted administrators. Additionally, audit all current Kafka Connect connector configurations to ensure no suspicious metacharacters or command sequences exist in the kusto.tables.topics.mapping field, as an attacker may have already injected malicious commands. Monitor Azure Data Explorer audit logs for unexpected schema modifications, ingestion mapping changes, or management command execution in the period following the connector deployment.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29124