PT-2026-20655 · Red Hat+2 · Openshift+3

Scholzj · Published 2026-02-19 · Updated 2026-02-25 · CVE-2026-27134

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Strimzi versions 0.49.0 through 0.50.0

Description: Strimzi allows running an Apache Kafka cluster on Kubernetes or OpenShift. Versions 0.49.0 through 0.50.0 incorrectly configure trusted certificates for mTLS authentication when using a custom Cluster or Clients CA with a multistage CA chain. This allows users with certificates signed by any CA in the chain to authenticate. The issue only affects users utilizing a custom Cluster or Clients CA with a multistage CA chain and does not impact those using Strimzi-managed CAs or a single custom CA.

Recommendations:
Versions 0.49.0 through 0.50.0: Upgrade to version 0.50.1 or later.
Versions 0.49.0 through 0.50.0: Provide only the single CA that should be used instead of the full CA chain as the custom CA.
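The trust-anchor behaviour behind this record, shown as an added example that is not Strimzi's or Kafka's own code. It builds a constructed two-stage chain (root CA, intermediate "Clients CA"), issues one client certificate from the intermediate and one directly from the root, and then checks each client against two truststores: one loaded with the full chain (the configuration the description calls vulnerable) and one holding only the intermediate (the recommended configuration). Go's crypto/x509 stands in for the broker's truststore evaluation; like a Java PKIX truststore, every certificate placed in the pool is a trust anchor, which is why a chain-wide truststore accepts certificates signed by any CA in the chain. All names, serial numbers and the ClientAccepted/Scenario helpers are constructed for this illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"sort"
	"time"
)

// issued pairs a certificate with the private key that belongs to it.
type issued struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// issue creates a certificate for cn. A nil parent yields a self-signed
// root; otherwise the certificate is signed by the parent's key.
func issue(serial int64, cn string, isCA bool, parent *issued) *issued {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	parentCert, signer := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		parentCert, signer = parent.cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return &issued{cert: cert, key: key}
}

// ClientAccepted reports whether a client certificate would pass mTLS
// authentication against a truststore holding the given CA certificates.
// Every certificate in the pool is a trust anchor: a chain that ends at any
// of them is accepted, whether that entry is a root or an intermediate.
func ClientAccepted(client *x509.Certificate, truststore ...*x509.Certificate) bool {
	pool := x509.NewCertPool()
	for _, ca := range truststore {
		pool.AddCert(ca)
	}
	_, err := client.Verify(x509.VerifyOptions{
		Roots:     pool,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err == nil
}

// Scenario compares the full-chain truststore with the single-CA truststore
// for a client issued by the intended Clients CA and one issued by the root.
func Scenario() map[string]bool {
	root := issue(1, "Constructed Root CA", true, nil)
	clientsCA := issue(2, "Constructed Clients CA", true, root)
	viaClientsCA := issue(3, "kafka-user-1", false, clientsCA)
	viaRoot := issue(4, "root-issued-user", false, root)

	return map[string]bool{
		// Truststore loaded with the whole chain (vulnerable configuration).
		"chain/clients-ca-signed": ClientAccepted(viaClientsCA.cert, root.cert, clientsCA.cert),
		"chain/root-signed":       ClientAccepted(viaRoot.cert, root.cert, clientsCA.cert),
		// Truststore holding only the single intended CA (recommended).
		"single/clients-ca-signed": ClientAccepted(viaClientsCA.cert, clientsCA.cert),
		"single/root-signed":       ClientAccepted(viaRoot.cert, clientsCA.cert),
	}
}

func main() {
	results := Scenario()
	keys := make([]string, 0, len(results))
	for k := range results {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	for _, k := range keys {
		fmt.Printf("%-26s accepted=%v\n", k, results[k])
	}
}
```

Running it shows that with the full chain in the truststore both clients authenticate, while with only the Clients CA the root-issued certificate is rejected with a certificate-signed-by-unknown-authority error, which is the effect of the second recommendation above. The same check can be used on a broker's exported truststore to confirm that no unintended CA of the chain is present as an anchor.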

Weakness Enumeration

Improper Authentication

Improper Certificate Validation

Related Identifiers

CVE-2026-27134
GHSA-2QWX-RQ6J-8R6J

Affected Products

Apache Kafka
Kubernetes
Openshift
Strimzi