5.3
Karapace backup reader can read unauthorized system files
CVE-2026-29190
Summary
Karapace, a Kafka REST and Schema Registry tool, has a security issue that allows an attacker to read files they shouldn't have access to if a malicious backup file is uploaded. If you're using Karapace's backup and restore feature, make sure to update to version 6.0.0 or later to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| aiven | karapace | <= 6.0.0 | – |
Original title
Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader (backup/backends/v3/backend.py). If...
Original description
Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, there is a Path Traversal vulnerability in the backup reader (backup/backends/v3/backend.py). If a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation to perform arbitrary file read on the system where Karapace is running. The issue affects deployments that use the backup/restore functionality and process backups from untrusted sources. The impact depends on the file system permissions of the Karapace process. This issue has been patched in version 6.0.0.
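The description above names the root cause as insufficient path validation when a backup file names other files on disk. The following is an added example written for this page, not Karapace's own backup reader code, showing the kind of confinement check a restore routine needs: every path taken from the backup is resolved (symlinks followed) and must still lie under the backup directory. It assumes a backup layout in which a manifest lists data files by relative path; the real v3 format is not described here, so the member paths and directory names are constructed sample input.

```python
"""Added example: confining backup-referenced file paths to a base directory.

Illustrative code for CWE-22 mitigation, not Karapace's backup/backends/v3
code. It assumes (hypothetically) that a backup manifest names data files by
relative path and that the restore step opens each one.
"""
import os
import tempfile
from pathlib import Path


class UnsafeBackupPath(ValueError):
    """Raised when a backup-referenced path would escape the backup directory."""


def resolve_backup_member(backup_dir: str, member: str) -> Path:
    """Return the absolute path of `member` inside `backup_dir`, or raise.

    Rejects empty and absolute members and any '..' component up front, then
    resolves the candidate (following symlinks) and requires it to remain
    under the resolved backup directory. The final check is the one that
    matters: a symlink placed inside the backup that points elsewhere passes
    the string checks but fails here.
    """
    base = Path(backup_dir).resolve()
    if not member or os.path.isabs(member):
        raise UnsafeBackupPath(f"absolute or empty member path: {member!r}")
    if any(part == ".." for part in Path(member).parts):
        raise UnsafeBackupPath(f"parent reference in member path: {member!r}")
    candidate = (base / member).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise UnsafeBackupPath(f"member escapes backup directory: {member!r}") from None
    return candidate


def check_members(backup_dir: str, members: list[str]) -> dict[str, bool]:
    """Map each member path to True if it is confined to backup_dir, else False."""
    verdicts: dict[str, bool] = {}
    for member in members:
        try:
            resolve_backup_member(backup_dir, member)
            verdicts[member] = True
        except UnsafeBackupPath:
            verdicts[member] = False
    return verdicts


def demo() -> dict[str, bool]:
    """Run the check over constructed sample member paths in a temporary
    directory (sample input built here, not taken from a real backup)."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = Path(tmp) / "outside.txt"
        outside.write_text("not part of the backup")
        backup = Path(tmp) / "backup"
        (backup / "data").mkdir(parents=True)
        (backup / "data" / "topic-0.data").write_text("records")
        # A symlink inside the backup directory that points at a file outside it.
        (backup / "link").symlink_to(outside)
        members = [
            "data/topic-0.data",       # legitimate member
            "../outside.txt",          # plain parent-directory traversal
            "/etc/hostname",           # absolute path
            "data/../../outside.txt",  # traversal hidden behind a valid prefix
            "link",                    # symlink that escapes after resolution
        ]
        return check_members(str(backup), members)


if __name__ == "__main__":
    for path, ok in demo().items():
        print(f"{'ok     ' if ok else 'REJECT '} {path}")
```

The design point is that string filtering alone (`..` and absolute paths) is not sufficient; the `relative_to` check on the resolved path is what closes the symlink case, and it also covers any encoding of traversal the string filter missed.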
NVD CVSS 3.1
4.1
Vulnerability type
CWE-22
Path Traversal
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026