Known Vulnerabilities for Zookeeper by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Zookeeper" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41862 json | Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine... | Not Provided | 2026-06-23 | 2026-06-24 |
| CVE-2026-40557 json | Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: fro... | Not Provided | 2026-04-27 | 2026-04-30 |
| CVE-2026-24308 json | Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker... | Not Provided | 2026-03-07 | 2026-07-03 |
| CVE-2026-24281 json | Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validation fails, allowi... | Not Provided | 2026-03-07 | 2026-07-03 |
| CVE-2026-11746 json | A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication wit... | Not Provided | 2026-06-22 | 2026-06-22 |
| CVE-2023-44981 json | Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is ena... | 9.1 - CRITICAL | 2023-10-11 | 2023-11-01 |
| CVE-2021-34429 json | For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to... | 5.3 - MEDIUM | 2021-07-15 | 2023-11-07 |
| CVE-2021-29425 json | In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../f... | 4.8 - MEDIUM | 2021-04-13 | 2023-11-07 |
| CVE-2021-28169 json | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly en... | 5.3 - MEDIUM | 2021-06-09 | 2023-11-07 |
| CVE-2021-28165 json | In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receivi... | 7.5 - HIGH | 2021-04-01 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Zookeeper | 3.6.2-1 | |||
| Application | Apache | Zookeeper | 3.6.2-0 | |||
| Application | Apache | Zookeeper | 3.6.2 | |||
| Application | Apache | Zookeeper | 3.6.1-1 | |||
| Application | Apache | Zookeeper | 3.6.1-0 | |||
| Application | Apache | Zookeeper | 3.6.1 | |||
| Application | Apache | Zookeeper | 3.6.0-4 | |||
| Application | Apache | Zookeeper | 3.6.0-3 | |||
| Application | Apache | Zookeeper | 3.6.0-2 | |||
| Application | Apache | Zookeeper | 3.6.0-1 | |||
| Application | Apache | Zookeeper | 3.6.0-0 | |||
| Application | Apache | Zookeeper | 3.6.0 | |||
| Application | Apache | Zookeeper | 3.5.8 | |||
| Application | Apache | Zookeeper | 3.5.8 | |||
| Application | Apache | Zookeeper | 3.5.7 | |||
| Application | Apache | Zookeeper | 3.5.7 | |||
| Application | Apache | Zookeeper | 3.5.7 | |||
| Application | Apache | Zookeeper | 3.5.7 | |||
| Application | Apache | Zookeeper | 3.5.6 | |||
| Application | Apache | Zookeeper | 3.5.6 |