ByteOS Network

KrakenD-CE

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-3206

Assigner-e5bd9809-e237-4575-952b-81f8a96826ee

View Details

Assigner-e5bd9809-e237-4575-952b-81f8a96826ee

CVSS Score-1.3||LOW

EPSS-0.04% / 12.58%

7 Day CHG~0.00%

Published-25 Feb, 2026 | 15:12

Updated-27 Feb, 2026 | 14:06

Improper management of context cancelations

Improper Resource Shutdown or Release vulnerability in KrakenD, SLU KrakenD-CE (CircuitBreaker modules), KrakenD, SLU KrakenD-EE (CircuitBreaker modules). This issue affects KrakenD-CE: before 2.13.1; KrakenD-EE: before 2.12.5.

Vendor-KrakenD

Product-KrakenD-CE KrakenD-EE

CWE ID-CWE-404

Improper Resource Shutdown or Release

CVE-2022-1561

Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)

View Details

Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)

CVSS Score-4||MEDIUM

EPSS-0.19% / 41.12%

7 Day CHG~0.00%

Published-01 Aug, 2022 | 12:47

Updated-17 Sep, 2024 | 02:16

Crafted backend URLs in Lura Project

Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulnerability does not affect KrakenD itself, but the consumed backend might be vulnerable.

Vendor-krakend luraproject KrakenD

Product-krakend lura Lura Project KrakenD-EE KrakenD-CE

CWE ID-CWE-471

Modification of Assumed-Immutable Data (MAID)