pkg:Bitnami/kafka

All known vulnerabilities

• CRITICAL9.1CVE-2026-33557Apache Kafka does not validate JWT tokens in its OAUTHBEARER authentication implementation
  >= 4.1.0, < 4.1.2
• HIGH8.8CVE-2025-27818Apache Kafka Deserialization of Untrusted Data vulnerability
  >= 2.3.0, < 3.9.1
• HIGH8.8CVE-2025-27819Apache Kafka Deserialization of Untrusted Data vulnerability
  >= 2.0.0, < 3.4.1
• HIGH7.5CVE-2025-27817Apache Kafka Client Arbitrary File Read and Server Side Request Forgery Vulnerability
  >= 3.1.0, < 3.9.1
• HIGH7.5CVE-2022-34917Unauthenticated clients may cause OutOfMemoryError on Apache Kafka Brokers
  >= 2.8.0, < 2.8.2, >= 3.0.0, < 3.0.2, >= 3.1.0, < 3.1.2, >= 3.2.0, < 3.2.3
• MEDIUM6.8CVE-2024-27309Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
  >= 3.5.0, < 3.5.2, >= 3.6.0, < 3.6.2
• MEDIUM5.9CVE-2021-38153Observable Discrepancy in Apache Kafka
  >= 2.0.0, < 2.6.3, >= 2.7.0, < 2.7.2, >= 2.8.0, < 2.8.1
• MEDIUM5.3CVE-2026-33558Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output
  >= 0.11.0, < 3.9.2, >= 4.0.0, < 4.0.1
• MEDIUM5.3CVE-2024-56128Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm
  >= 3.8.0, < 3.8.1, >= 0.10.2, < 3.7.2
• MEDIUM4.8CVE-2020-27218Buffer not correctly recycled in Gzip Request inflation
  >= 2.7.0, < 2.7.1