CVE-2025-61731
High · CVSS 7.5
False Positive
cmd/go). KrakenD distributes pre-compiled binaries and does not invoke go build at runtime. End users running KrakenD as a gateway are not affected.
Addressed through routine dependency maintenance in CE 2.12.1 and EE 2.12.3.
Component: Go standard library (cmd/go)
Disclosed: Jan 16, 2026
CVSS Score: 7.5
#cgo pkg-config: directives inside Go source files to pass
flags to the underlying C compiler and linker. Insufficient sanitisation of these
directives allows an attacker who can contribute Go source to a cgo-enabled project
to inject arbitrary compiler or linker flags, potentially enabling arbitrary code
execution during the build.
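For teams that do build cgo-enabled code from contributed source, the following is an added example (not code from KrakenD or the Go project) that audits a Go file and lists every `#cgo pkg-config:` argument beginning with `-`, so option-like values can be reviewed before a build. The flagging rule, the function name `AuditPkgConfig` and the sample input are assumptions of this example; it is not the validation cmd/go performs.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strings"
)

// AuditPkgConfig returns every "#cgo pkg-config:" argument that starts with "-".
// Assumed review heuristic for this example; it is not the check cmd/go performs.
func AuditPkgConfig(name string, src []byte) (out []string, err error) {
	f, err := parser.ParseFile(token.NewFileSet(), name, src, parser.ImportsOnly|parser.ParseComments)
	if err != nil {
		return nil, err
	}
	for _, d := range f.Decls { // with ImportsOnly every decl is an import GenDecl
		gd := d.(*ast.GenDecl)
		for _, s := range gd.Specs {
			spec := s.(*ast.ImportSpec)
			doc := spec.Doc
			if doc == nil && len(gd.Specs) == 1 {
				doc = gd.Doc // preamble attached to a lone import "C"
			}
			if spec.Path.Value != `"C"` {
				continue
			}
			// Text() strips comment markers and is safe on a nil group.
			for _, line := range strings.Split(doc.Text(), "\n") {
				head, args, ok := strings.Cut(line, ":")
				hf := strings.Fields(head) // "#cgo", optional constraints, verb
				if ok && len(hf) >= 2 && hf[0] == "#cgo" && hf[len(hf)-1] == "pkg-config" {
					for _, a := range strings.Fields(args) {
						if strings.HasPrefix(strings.TrimLeft(a, `"'`), "-") {
							out = append(out, a)
						}
					}
				}
			}
		}
	}
	return out, nil
}

func main() { // constructed sample input, not taken from a real project
	src := "package demo\n\n/*\n#cgo linux pkg-config: --example-option=value zlib\n*/\nimport \"C\"\n"
	fmt.Println(AuditPkgConfig("demo.go", []byte(src)))
}
```

Only the comment attached to `import "C"` is inspected, since that is where cgo directives live; other `#cgo` verbs such as `LDFLAGS` are outside this check.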