pkg:Maven/org.apache.kafka:kafka-clients

All known vulnerabilities

• CRITICAL9.1CVE-2026-33557Apache Kafka does not validate JWT tokens in its OAUTHBEARER authentication implementation
  >= 4.1.0, < 4.1.2
• HIGH8.7CVE-2026-35554Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition
  >= 2.8.0, < 3.9.2
• HIGH7.5CVE-2025-27817Apache Kafka Client Arbitrary File Read and Server Side Request Forgery Vulnerability
  >= 3.1.0, < 3.9.1
• MEDIUM6.8Improper Authentication in Apache Kafka
  >= 0.10.0.0, < 0.10.2.2
• MEDIUM6.5Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider
  >= 2.3.0, < 3.7.1
• MEDIUM5.9Observable Discrepancy in Apache Kafka
  >= 2.0.0, < 2.6.3
• MEDIUM5.3Apache Kafka exposes sensitive information in its DEBUG logs
  >= 0.11.0, < 3.9.2