Aiven-Open Karapace vulnerabilities
2 known vulnerabilities affecting aiven-open/karapace.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2025-61673 (HIGH, P2, CVSS 8.6, CWE-288)
Affected versions: >= 5.0.0, < 5.0.2
Date: 2025-10-03
Description: Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token authentication. If a request is sent without an Authorization header, the token validation logic is skipped entirely, allowing an unauthenticated user to read
Source: nvd
CVE-2026-29190 (MEDIUM, P4, CVSS 5.3, CWE-22)
Fixed in: 6.0.0
Date: 2026-03-07
Description: Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader (backup/backends/v3/backend.py). If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation to perform arbitrary file read on the system where K
Source: nvd