CVE-2026-27139
Medium · CVSS 6.5
Low Impact
Exploiting this CVE requires an uncommon setup or configuration. Upgrading is still recommended when possible.
os.Root-based file traversal operations to incoming API
requests. File access through this code path occurs only during startup (configuration
loading) and is not reachable via external request inputs during normal operation.
Component
Go standard library (os)
Disclosed
Mar 9, 2026
CVSS Score
6.5
os package allows a FileInfo value obtained through
os.Root methods to reference paths that escape the intended sandbox root boundary.
An attacker able to influence file path operations within a sandboxed root could access
or observe files outside the sandbox.
Community Edition
2.13.2
addresses this CVE
Affected CE versions
>= 2.0, < 2.13.2
Enterprise Edition
2.13.0
addresses this CVE
Affected EE versions
>= 2.0, < 2.13.0
Upgrade to the addressed version or later to remediate this vulnerability.