
CVE-2026-3206 Medium · CVSS 6.5 Medium Impact

backend/circuit-breaker: Uncontrolled Context Cancellation Causes Cascading Request Failures

Exploitable under specific conditions

This CVE can affect KrakenD under specific conditions. Review the affected versions below and upgrade if your deployment is exposed.

This CVE only affects deployments using KrakenD’s Circuit Breaker feature (backend/circuit-breaker in the configuration). Instances with no circuit breaker configured are not exposed to this vulnerability.

Component: Circuit Breaker

Disclosed: Feb 18, 2026

CVSS Score: 6.5

Description

A vulnerability was identified in the Circuit Breaker component used by KrakenD. It could lead to uncontrolled context cancellations, which can cascade through the system under load, causing unexpected request failures and degraded service availability. Upgrading to CE 2.13.1 or EE 2.12.5 addresses the issue.

Version summary

Community Edition: 2.13.1 addresses this CVE. Affected CE versions: >= 2.0, < 2.13.1

Enterprise Edition: 2.12.5 addresses this CVE. Affected EE versions: >= 2.0, < 2.12.5

Upgrade to the addressed version or later to remediate this vulnerability.
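A triage check for the two exposure conditions above (affected version and a configured circuit breaker), added here as an example and not KrakenD's own tooling. The function names and the sample configuration are constructed for illustration. Assumptions: the configuration is already rendered to a single JSON document, and any backend `extra_config` key ending in `circuit-breaker` counts, which covers the `backend/circuit-breaker` name used in this advisory and the `qos/circuit-breaker` namespace of KrakenD 2.x configuration files.

```python
import json

# Fixed releases and first affected release, as stated in the advisory.
FIXED = {"CE": (2, 13, 1), "EE": (2, 12, 5)}
FIRST_AFFECTED = (2, 0, 0)

# Constructed sample of a rendered KrakenD configuration (not from the advisory).
SAMPLE_CONFIG = json.loads("""
{
  "endpoints": [
    {"endpoint": "/orders", "backend": [
      {"url_pattern": "/v1/orders",
       "extra_config": {"qos/circuit-breaker": {"interval": 60, "timeout": 10, "max_errors": 5}}}]},
    {"endpoint": "/health", "backend": [{"url_pattern": "/ping"}]}
  ]
}
""")

def parse_version(text):
    """Turn '2.13', 'v2.12.4' or '2.13.1-rc1' into a comparable 3-tuple."""
    core = text.strip().lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def version_affected(edition, version):
    """True when the version is inside the advisory's affected range for CE or EE."""
    return FIRST_AFFECTED <= parse_version(version) < FIXED[edition.upper()]

def circuit_breaker_backends(config):
    """List (endpoint, url_pattern) for every backend that declares a circuit breaker."""
    hits = []
    for endpoint in config.get("endpoints", []):
        for backend in endpoint.get("backend", []):
            extra = backend.get("extra_config") or {}
            # Assumption: any extra_config key ending in "circuit-breaker" counts.
            if any(key.endswith("circuit-breaker") for key in extra):
                hits.append((endpoint.get("endpoint"), backend.get("url_pattern")))
    return hits

def triage(edition, version, config):
    """Exposed only if the version is affected AND a circuit breaker is configured."""
    backends = circuit_breaker_backends(config)
    affected = version_affected(edition, version)
    return {"version_affected": affected, "backends": backends,
            "exposed": affected and bool(backends)}

print(triage("CE", "2.10.2", SAMPLE_CONFIG))
```

Run it against the configuration the gateway actually loads; templated configurations need to be rendered to JSON first.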
