PT-2026-20654 · Strimzi

Scholzj · Published 2026-02-19 · Updated 2026-02-25 · CVE-2026-27133

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Strimzi versions 0.47.0 through 0.50.1

Description

Strimzi allows running an Apache Kafka cluster on Kubernetes or OpenShift. When multiple Certificate Authority (CA) certificates are used in the trusted certificates configuration of a Kafka Connect operand or a Kafka MirrorMaker 2 operand’s target cluster, all certificates within the CA chain are individually trusted when connecting to the Apache Kafka cluster. This can lead to the affected operand accepting connections from Kafka brokers using server certificates signed by any CA in the chain, rather than only the final CA.

Recommendations

Update to version 0.50.1 or later.

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2026-27133
GHSA-6X85-J2F7-4XC5

Affected Products

Apache Kafka
Kafka Connect
Kafka MirrorMaker 2
Kubernetes
OpenShift
Strimzi