Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.1
Apache Kafka Remote Agent Constraint Extension Vulnerability
UBUNTU-CVE-2026-39832
Summary
Apache Kafka's remote agent extension allows attackers to execute arbitrary code when adding a key to a constraint. This vulnerability affects systems using the remote agent extension, potentially leading to unauthorized access and data breaches. To mitigate this issue, update to the latest version of Apache Kafka and ensure you are using the remote agent extension securely.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Ubuntu:Pro:16.04:LTS | canonical | golang-go.crypto | All versions |
| Ubuntu:Pro:16.04:LTS | canonical | lxd | All versions |
| Ubuntu:Pro:16.04:LTS | canonical | snapd | All versions |
| Ubuntu:Pro:16.04:LTS | canonical | google-guest-agent | All versions |
| Ubuntu:Pro:18.04:LTS | canonical | lxd | All versions |
| Ubuntu:Pro:18.04:LTS | canonical | snapd | All versions |
| Ubuntu:Pro:18.04:LTS | canonical | golang-go.crypto | All versions |
| Ubuntu:Pro:18.04:LTS | canonical | google-guest-agent | All versions |
| Ubuntu:Pro:20.04:LTS | canonical | google-guest-agent | All versions |
| Ubuntu:Pro:20.04:LTS | canonical | snapd | All versions |
| Ubuntu:Pro:20.04:LTS | canonical | golang-go.crypto | All versions |
| Ubuntu:22.04:LTS | canonical | google-guest-agent | All versions |
| Ubuntu:22.04:LTS | canonical | snapd | All versions |
| Ubuntu:Pro:22.04:LTS | canonical | golang-go.crypto | All versions |
| Ubuntu:24.04:LTS | canonical | google-guest-agent | All versions |
| Ubuntu:24.04:LTS | canonical | snapd | All versions |
| Ubuntu:Pro:24.04:LTS | canonical | golang-go.crypto | All versions |
| Ubuntu:25.10 | canonical | golang-go.crypto | All versions |
| Ubuntu:25.10 | canonical | google-guest-agent | All versions |
| Ubuntu:25.10 | canonical | snapd | All versions |
| Ubuntu:26.04:LTS | canonical | golang-go.crypto | All versions |
| Ubuntu:26.04:LTS | canonical | google-guest-agent | All versions |
| Ubuntu:26.04:LTS | canonical | snapd | All versions |
Original title
(When adding a key to a remote agent constraint extensions such as rest ...)
Original description
(When adding a key to a remote agent constraint extensions such as rest ...)
- https://ubuntu.com/security/CVE-2026-39832 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-39832 Third Party Advisory
- https://go.dev/issue/79435 Third Party Advisory
- https://go.dev/cl/778642 Third Party Advisory
- https://groups.google.com/g/golang-announce/c/a082jnz-LvI Third Party Advisory
- https://pkg.go.dev/vuln/GO-2026-5006 Third Party Advisory
Published: 22 May 2026 · Updated: 25 May 2026 · First seen: 22 May 2026