PT-2026-3269 · Apache Kafka · Kafka Connect BigQuery Connector
Audrey Budryte · Published 2026-01-16 · Updated 2026-01-18
CVE-2026-23529 · CVSS v3.1 7.7 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Kafka Connect BigQuery Connector versions prior to 2.11.0
Description
The Kafka Connect BigQuery Connector, a sink connector from Apache Kafka to Google BigQuery, contains a flaw that could allow arbitrary file reads. This occurs because the connector does not validate externally-sourced credential configurations before passing them to authentication libraries. An attacker can exploit this by providing a malicious credential configuration containing crafted `credential_source.file` paths or `credential_source.url` endpoints, potentially leading to arbitrary file reads or Server-Side Request Forgery (SSRF) attacks. The connector requires Google Cloud credential configurations for authentication to BigQuery services.
Recommendations
Upgrade to version 2.11.0 or later.
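One way to enforce the missing validation the advisory describes, as an added example that is not part of the advisory or the connector's own code: a pre-flight check that parses a Google Cloud credential JSON and rejects `external_account` configurations whose `credential_source.file` or `credential_source.url` fall outside an operator-defined allow-list. The allowed directory and token host are assumptions chosen for this example.

```python
import json
import os
from urllib.parse import urlparse

# Constructed policy for this example (assumptions, not connector settings):
# credential_source.file must stay under an operator-controlled directory and
# credential_source.url must point at an allow-listed HTTPS host.
ALLOWED_CRED_DIRS = ("/etc/kafka-connect/credentials/",)
ALLOWED_TOKEN_HOSTS = {"sts.googleapis.com"}


class CredentialConfigError(ValueError):
    """Raised when a credential configuration fails the policy check."""


def validate_credential_config(raw_json: str) -> dict:
    """Parse a Google Cloud credential JSON and reject external_account
    configurations whose credential_source would make the auth library read
    an arbitrary file or fetch an arbitrary URL on the worker's behalf."""
    try:
        cfg = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        raise CredentialConfigError(f"not valid JSON: {exc}") from exc
    if not isinstance(cfg, dict):
        raise CredentialConfigError("credential config must be a JSON object")
    # Only external_account credentials carry a credential_source block.
    if cfg.get("type") != "external_account":
        return cfg
    source = cfg.get("credential_source")
    if not isinstance(source, dict):
        raise CredentialConfigError("external_account config lacks credential_source")
    if "file" in source:
        # normpath collapses ".." segments so traversal cannot escape the
        # allowed directory; a deployment check should also resolve symlinks.
        path = os.path.normpath(str(source["file"]))
        if not any(path.startswith(d) for d in ALLOWED_CRED_DIRS):
            raise CredentialConfigError(f"credential_source.file not allowed: {path}")
    if "url" in source:
        parsed = urlparse(str(source["url"]))
        if parsed.scheme != "https" or parsed.hostname not in ALLOWED_TOKEN_HOSTS:
            raise CredentialConfigError(f"credential_source.url not allowed: {source['url']}")
    return cfg


def is_safe_credential_config(raw_json: str) -> bool:
    """Boolean wrapper for use in a pre-flight check of a connector config."""
    try:
        validate_credential_config(raw_json)
        return True
    except CredentialConfigError:
        return False
```

Run the check on the credential JSON before it reaches the connector's authentication path; configurations that do not use `external_account` pass through unchanged.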
Exploit
Fix
SSRF
Related identifiers
Affected products
Google BigQuery
Kafka Connect BigQuery Connector