Apache Kafka: 2.6.3 → 3.9.1
Fixed by upgrading to 3.9.1
Vulnerabilities that affect 2.6.3 but no longer affect 3.9.1 (the security gain from this upgrade), listed exploited first, then by exploitation probability (EPSS).

CVE-2025-27819 HIGH EPSS 1% ✓ cleared in 3.9.1
CVE-2025-27818 HIGH EPSS 1% ✓ cleared in 3.9.1
CVE-2024-56128 MEDIUM EPSS 1% ✓ cleared in 3.9.1
CVE-2024-31141 MEDIUM EPSS 0% ✓ cleared in 3.9.1

Still open in 3.9.1
Known vulnerabilities that affect 3.9.1 too; upgrading to it does not clear these.
These affect 3.9.1 as well — a later release may be needed.
CVE-2026-33558 MEDIUM EPSS 0% → fixed in 3.9.2