CVE-2026-27133

Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From 0.47.0 to before 0.50.1, when a chain consisting of multiple CA (Certificate Authority) certificates is used in the trusted certificates configuration of a Kafka Connect operand or of the target cluster in the Kafka MirrorMaker 2 operand, all of the certificates that are part of the CA chain will be trusted individually when connecting to the Apache Kafka cluster. Due to this error, the affected operand (Kafka Connect or Kafka MirrorMaker 2) might accept connections to Kafka brokers using server certificates signed by one of the other CAs in the CA chain and not just by the last CA in the chain. This issue is fixed in Strimzi 0.50.1.
Configurations

Configuration 1

cpe:2.3:a:linuxfoundation:strimzi:*:*:*:*:*:*:*:*

History

27 Feb 2026, 21:48

Type Values Removed Values Added
CPE cpe:2.3:a:linuxfoundation:strimzi_kafka_operator:*:*:*:*:*:*:*:* cpe:2.3:a:linuxfoundation:strimzi:*:*:*:*:*:*:*:*
First Time Linuxfoundation strimzi

25 Feb 2026, 18:54

Type Values Removed Values Added
References () https://github.com/strimzi/strimzi-kafka-operator/releases/tag/0.50.1 - () https://github.com/strimzi/strimzi-kafka-operator/releases/tag/0.50.1 - Product, Release Notes
References () https://github.com/strimzi/strimzi-kafka-operator/security/advisories/GHSA-6x85-j2f7-4xc5 - () https://github.com/strimzi/strimzi-kafka-operator/security/advisories/GHSA-6x85-j2f7-4xc5 - Vendor Advisory
CPE cpe:2.3:a:linuxfoundation:strimzi_kafka_operator:*:*:*:*:*:*:*:*
First Time Linuxfoundation
Linuxfoundation strimzi Kafka Operator
Summary
  • (es) Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. From version 0.47.0 to before 0.50.1, when a chain consisting of multiple CA (Certificate Authority) certificates is used in the trusted certificates configuration of a Kafka Connect operand or of the target cluster in the Kafka MirrorMaker 2 operand, all of the certificates that are part of the CA chain will be trusted individually when connecting to the Apache Kafka cluster. Due to this error, the affected operand (Kafka Connect or Kafka MirrorMaker 2) might accept connections to Kafka brokers using server certificates signed by one of the other CAs in the CA chain and not just by the last CA in the chain. This issue is fixed in Strimzi 0.50.1.

20 Feb 2026, 23:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-02-20 23:16

Updated : 2026-02-27 21:48


NVD link : CVE-2026-27133

Mitre link : CVE-2026-27133

CVE.ORG link : CVE-2026-27133



Products Affected

linuxfoundation

  • strimzi
CWE
CWE-295

Improper Certificate Validation

CWE-296

Improper Following of a Certificate's Chain of Trust