Apache Kafka ↗
Apache · Infrastructure
97/100 Healthy
Summary iPlain-English security verdict for Apache Kafka, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Apache Kafka currently scores 97/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 4.3.0. It's on the latest patch with no significant known issues — keep it current.
Disclosure trend iNew CVEs published for Apache Kafka each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
'19
'20
'21
'22
'23
'24
'25
'26
Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2026-33557 CRITICAL CWE-1285 EPSS 0% → fixed in 4.1.2Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.
How long each Apache Kafka release line is supported — and when it sunsets.
4.3 latest 4.3.0 Supported
4.2 latest 4.2.1 Supported
4.1 latest 4.1.2 Supported
4.0 latest 4.0.2 Supported
3.9 latest 3.9.2 Supported
3.8 latest 3.8.1 End of life ended 2024-11-06
3.7 latest 3.7.2 End of life ended 2024-07-26
3.6 latest 3.6.2 End of life ended 2024-02-27
3.5 latest 3.5.2 End of life ended 2023-10-03
3.4 latest 3.4.1 End of life ended 2023-06-13
See all upcoming end-of-life dates →