Skip to main content

Kafka

10 CVEs product

Monthly

CVE-2025-27819 Maven HIGH PATCH This Week

A remote code execution vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Denial Of Service Apache Java RCE Authentication Bypass +3
NVD GitHub HeroDevs
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-27818 Maven HIGH PATCH This Week

A remote code execution vulnerability in A possible security vulnerability (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Deserialization Java Apache LDAP RCE +3
NVD GitHub HeroDevs
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-27817 Maven HIGH POC PATCH THREAT Act Now

A SSRF vulnerability in A possible arbitrary file read and SSRF vulnerability (CVSS 7.5) that allows clients. Risk factors: EPSS 17% exploitation probability.

Apache SSRF Kafka Red Hat Suse
NVD HeroDevs GitHub
CVSS 3.1
7.5
EPSS
17.5%
CVE-2024-56128 Maven MEDIUM PATCH This Month

Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Microsoft Kafka
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-31141 Maven MEDIUM PATCH This Month

Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Kafka
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-27309 Maven HIGH PATCH This Week

While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Apache Kafka
NVD
CVSS 3.1
7.4
EPSS
1.1%
CVE-2022-34917 Maven HIGH PATCH This Week

A security vulnerability has been identified in Apache Kafka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Kafka
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-38153 Maven MEDIUM PATCH This Month

Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Kafka Quarkus Communications Brm Elastic Charging Engine +5
NVD
CVSS 3.1
5.9
EPSS
5.8%
CVE-2020-27218 Maven MEDIUM PATCH This Month

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Code Injection Jetty Oncommand System Manager Snap Creator Framework Blockchain Platform +13
NVD GitHub
CVSS 3.1
4.8
EPSS
8.1%
CVE-2018-1288 Maven MEDIUM PATCH This Month

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Kafka Jboss Middleware Text Only Advisories Database +2
NVD
CVSS 3.1
5.4
EPSS
4.8%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A remote code execution vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Denial Of Service Apache Java +5
NVD GitHub HeroDevs
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability in A possible security vulnerability (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Deserialization Java Apache +5
NVD GitHub HeroDevs
EPSS 17% CVSS 7.5
HIGH POC PATCH THREAT Act Now

A SSRF vulnerability in A possible arbitrary file read and SSRF vulnerability (CVSS 7.5) that allows clients. Risk factors: EPSS 17% exploitation probability.

Apache SSRF Kafka +2
NVD HeroDevs GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Microsoft +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Kafka
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

While an Apache Kafka cluster is being migrated from ZooKeeper mode to KRaft mode, in some cases ACLs will not be correctly enforced. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Apache Kafka
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A security vulnerability has been identified in Apache Kafka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Kafka
NVD
EPSS 6% CVSS 5.9
MEDIUM PATCH This Month

Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Kafka +7
NVD
EPSS 8% CVSS 4.8
MEDIUM PATCH This Month

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Code Injection Jetty Oncommand System Manager +15
NVD GitHub
EPSS 5% CVSS 5.4
MEDIUM PATCH This Month

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Kafka +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy