TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2026-33558

MEDIUM
5.3

Beschreibung

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information will be exposed via the requests and responses output log. The entire lists of impacted requests and responses are: * AlterConfigsRequest * AlterUserScramCredentialsRequest * ExpireDelegationTokenRequest * IncrementalAlterConfigsRequest * RenewDelegationTokenRequest * SaslAuthenticateRequest * createDelegationTokenResponse * describeDelegationTokenResponse * SaslAuthenticateResponse This issue affects Apache Kafka: from any version supported the listed API above through v3.9.1, v4.0.0. We advise the Kafka users to upgrade to v3.9.2, v4.0.1, or later to avoid this vulnerability.

CVE Details

CVSS v3.1 Bewertung5.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht4/20/2026
Zuletzt geandert4/22/2026
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

apache:kafka

Schwachen (CWE)

CWE-533

Referenzen

https://kafka.apache.org/cve-list(security@apache.org)
https://lists.apache.org/thread/pz5g4ky3h0k91tfd14p0dzqjp80960kl(security@apache.org)
http://www.openwall.com/lists/oss-security/2026/04/17/3(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.