CVE-2026-32281
Medium · CVSS 5.3
Medium Impact
This CVE can affect KrakenD under specific conditions. Review the affected versions below and upgrade if your deployment is exposed.
Component
Go standard library (crypto/x509)
Disclosed
Apr 8, 2026
CVSS Score
5.3
The crypto/x509 certificate policy validation algorithm has poor time complexity
when processing specially crafted policy constraint structures within X.509 certificates.
An attacker able to present such a certificate chain during a TLS handshake can cause
the server to expend excessive CPU resources during policy graph traversal, potentially
leading to denial of service.
Community Edition
2.13.4
addresses this CVE
Affected CE versions
>= 2.0, < 2.13.4
Enterprise Edition
2.13.2
addresses this CVE
Affected EE versions
>= 2.0, < 2.13.2
Upgrade to the addressed version or later to remediate this vulnerability.