PatchSiren

strimzi CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH strimzi CVE published 2026-02-21

CVE-2026-27134

The Strimzi Kafka Operator is vulnerable to an mTLS authentication bypass due to incorrect configuration of trusted certificates for mTLS authentication on internal and user-configured listeners. This issue affects users with a custom Cluster or Clients CA with a multistage CA chain consisting of multiple CAs. The vulnerability has been fixed in version 0.50.1. Users can work around this issue by providin [truncated]