Skip to content

CVE lookup

CVE-2026-33557

Pruva has a verified reproduction for CVE-2026-33557: Apache Kafka SASL/OAUTHBEARER accepts unvalidated JWTs. The canonical evidence record is REPRO-2026-00281.

REPRO

REPRO-2026-00281

Package

Apache Kafka · maven

Severity

CRITICAL

Status

published