CVE-2026-32952
High · CVSS 7.5
High Impact: This CVE is exploitable in typical deployments. Upgrade to the fixed version as soon as possible.
Component: auth/ntlm (go-ntlmssp)
Disclosed: May 11, 2026
CVSS Score: 7.5
The go-ntlmssp library used by KrakenD's auth/ntlm component contains an
integer overflow that causes a slice out-of-bounds panic when a malicious NTLM
challenge message is received. Any Go process using ntlmssp.Negotiator as an
HTTP transport can be crashed by a malicious server sending a crafted NTLM
challenge, enabling unauthenticated denial of service against the KrakenD process.
Community Edition: Not affected
Enterprise Edition: 2.13.3 addresses this CVE
Affected EE versions: >= 2.0, < 2.13.3
Upgrade to the addressed version or later to remediate this vulnerability.
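The bug class described above (an offset-plus-length sum that wraps before the bounds check), as an added Go example that is not code from go-ntlmssp or KrakenD. The `field` type, its 16-bit length and 32-bit offset layout, the function names and the sample buffer are assumptions made for illustration; the page does not say which field of the challenge message is involved.

```go
package main

import (
	"errors"
	"fmt"
)

// field is a hypothetical length/offset descriptor read from an untrusted message.
type field struct {
	Len    uint16
	Offset uint32
}

var errOutOfRange = errors.New("field extends beyond message buffer")

// naiveInBounds shows the flawed pattern: Offset+Len is computed in uint32,
// so a large Offset wraps to a small end value and the check passes.
// Slicing buf[Offset:Offset+Len] after such a check panics at run time.
func naiveInBounds(buf []byte, f field) bool {
	return int(f.Offset+uint32(f.Len)) <= len(buf)
}

// readField is the hardened form: the sum is widened to uint64, which cannot
// wrap for a 32-bit offset plus a 16-bit length, and an error is returned
// instead of letting the slice expression panic.
func readField(buf []byte, f field) ([]byte, error) {
	end := uint64(f.Offset) + uint64(f.Len)
	if end > uint64(len(buf)) {
		return nil, errOutOfRange
	}
	return buf[int(f.Offset):int(end)], nil
}

func main() {
	msg := []byte("CONSTRUCTED-SAMPLE-BUFFER") // constructed sample, not a real NTLM message
	valid := field{Len: 6, Offset: 12}
	wrapped := field{Len: 8, Offset: 0xFFFFFFFC} // Offset+Len wraps to 4 in uint32

	for _, f := range []field{valid, wrapped} {
		data, err := readField(msg, f)
		fmt.Printf("naive check passes=%v hardened data=%q err=%v\n",
			naiveInBounds(msg, f), data, err)
	}
}
```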