Changeflow GovPing Data Privacy & Cybersecurity Multiple Vulnerabilities in Apache Kafka Allow ...
Priority review Notice Added Final

Multiple Vulnerabilities in Apache Kafka Allow Data Breach

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published
Detected
Email

Summary

CERT-FR issued a security advisory warning of multiple vulnerabilities in Apache Kafka (CVE-2026-33557 and CVE-2026-33558) discovered from the Apache Kafka security bulletin dated 17 April 2026. The vulnerabilities affect Kafka Clients versions 4.0.x prior to 4.0.1, 4.1.x prior to 4.1.2, and versions prior to 3.9.2, as well as Kafka versions 4.1.x prior to 4.1.2. An attacker could exploit these flaws to cause a data confidentiality breach and bypass security policies. Organizations using affected versions should refer to the Apache Kafka CVE list for available patches.

“De multiples vulnérabilités ont été découvertes dans Apache Kafka.”

CERT-FR , verbatim from source
Published by CERT-FR on cert.ssi.gouv.fr . Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards .
View original document View source feed page

What changed

CERT-FR published a security advisory identifying multiple vulnerabilities in Apache Kafka that expose affected systems to data confidentiality breaches and security policy bypass. The vulnerabilities apply to Kafka Clients versions 4.0.x before 4.0.1, 4.1.x before 4.1.2, and before 3.9.2, as well as Kafka versions 4.1.x before 4.1.2. The agency references Apache Kafka CVE list and CVE-2026-33557 and CVE-2026-33558 as the underlying vulnerability identifiers.

Organizations running Apache Kafka deployments should identify affected versions in their environments and obtain patches from the vendor's security bulletin. Security teams should prioritize remediation given the data breach and security bypass implications of these vulnerabilities.

What to do next

  1. Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs

Archived snapshot

Apr 20, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 20 avril 2026 N° CERTFR-2026-AVI-0461 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Multiples vulnérabilités dans Apache Kafka

Gestion du document

| Référence | CERTFR-2026-AVI-0461 |
| Titre | Multiples vulnérabilités dans Apache Kafka |
| Date de la première version | 20 avril 2026 |
| Date de la dernière version | 20 avril 2026 |
| Source(s) | Bulletin de sécurité Apache Kafka cve-list du 17 avril 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risques

  • Atteinte à la confidentialité des données
  • Contournement de la politique de sécurité

Systèmes affectés

  • Kafka Clients versions 4.0.x antérieures à 4.0.1
  • Kafka Clients versions 4.1.x antérieures à 4.1.2
  • Kafka Clients versions antérieures à 3.9.2
  • Kafka versions 4.1.x antérieures à 4.1.2

Résumé

De multiples vulnérabilités ont été découvertes dans Apache Kafka. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 20 avril 2026 Version initiale

Related changes

Favicon for www.cert.ssi.gouv.fr Apache Kafka Vulnerability CVE-2026-35554 Affects Data Confidentiality and Integrity
Priority review Apr 16, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Multiple Linux Kernel Vulnerabilities in Ubuntu, Privilege Escalation and Data Breach Risk
Priority review Apr 17, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Multiple Vulnerabilities in Google Chrome
Priority review Apr 16, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity

Get daily alerts for CERT-FR Security Advisories

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CERT-FR.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
CERT-FR
Published
April 20th, 2026
Instrument
Notice
Branch
Executive
Source language
fr
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Technology companies Manufacturers
Industry sector
5112 Software & Technology
Activity scope
Vulnerability patching Security advisory response
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Privacy Software & Technology

Browse Categories

Agriculture & Food Safety 73 Banking & Finance 402 Consumer Protection 87 Courts & Legal 408 Data Privacy & Cybersecurity 84 Defense & National Security 53 Education 55 Energy 100 Environment 151 Gaming 2 Government & Legislation 428 Healthcare 15 Healthcare & Life Sciences 372 Immigration 10 Insurance 74 Labor & Employment 132 Pharma & Drug Safety 21 Professional Licensing 7 Real Estate & Housing 76 Securities & Markets 149 Tax 76 Telecom & Technology 50 Trade & Sanctions 141 Transportation 91

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!