Openshift-Serverless-1 Kn-Ekb-Dispatcher-Rhel9 vulnerabilities
2 known vulnerabilities affecting openshift-serverless-1/kn-ekb-dispatcher-rhel9.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2026-33557 | CRITICAL | CVSS 9.1 | 2026-04-20
CVE-2026-33557 [CRITICAL] CWE-303 kafka: Apache Kafka: Authentication bypass via improper JWT validation
A flaw was found in Apache Kafka. By default, the `sasl.oauthbearer.jwt.validator.class` property is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`, which does not validate JSON Web Token (JWT) signatures, issuers, or audiences. A remote attacker can exploit this by crafting a malicious JWT toke
redhat
CVE-2026-35554 | HIGH | CVSS 8.7 | 2026-04-07
CVE-2026-35554 [HIGH] CWE-367 Apache Kafka Clients: Apache Kafka Clients: Information disclosure and data corruption due to race condition in producer buffer management
A flaw was found in the Apache Kafka Java producer client. A race condition in the client's buffer pool management can cause messages to be silently delivered to incorrect topics. This occurs
redhat