Known Vulnerabilities for Apache Kafka by Apache Software Foundation
Listed below are 10 of the newest known vulnerabilities associated with "Apache Kafka" by "Apache Software Foundation".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-49098 json | Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')... | Not Provided | 2026-07-06 | 2026-07-07 |
| CVE-2026-46584 json | Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Comp... | Not Provided | 2026-07-06 | 2026-07-06 |
| CVE-2026-45080 json | Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control... | Not Provided | 2026-06-02 | 2026-06-02 |
| CVE-2026-44367 json | Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists ... | Not Provided | 2026-06-02 | 2026-06-02 |
| CVE-2026-41731 json | JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefi... | Not Provided | 2026-06-10 | 2026-06-30 |
| CVE-2026-41727 json | Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. ... | Not Provided | 2026-06-10 | 2026-06-27 |
| CVE-2026-41726 json | When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending record... | Not Provided | 2026-06-10 | 2026-06-27 |
| CVE-2026-41115 json | An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRI... | Not Provided | 2026-06-02 | 2026-06-02 |
| CVE-2026-33558 json | Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire reque... | Not Provided | 2026-04-20 | 2026-04-20 |
| CVE-2026-33557 json | A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt... | Not Provided | 2026-04-20 | 2026-06-30 |