It must be mentioned again how speedy KrakenD folks are to responding and how helpful it is. It feels like we're working with a team that works here in Paylocity
Dannie Walker
Senior Software Engineer / Paylocity
CVE-2026-27143
High
· CVSS 7.5
False Positivecmd/compile). KrakenD
distributes pre-compiled binaries and does not compile Go code at runtime. End users
running KrakenD as a gateway are not affected by this issue.Addressed through routine dependency maintenance in CE 2.13.4 and EE 2.13.2.
Component
Go standard library (cmd/compile)
Disclosed
Apr 8, 2026
CVSS Score
7.5
cmd/compile compiler can occur following bound
check elimination optimizations. Under specific code patterns, the compiler may
eliminate a necessary array bounds check, producing a binary with potential
out-of-bounds memory access at runtime.Stay up to date with KrakenD releases and important updates