News Dropping plugin support in KrakenD Open Source and Lura

Products
Community Edition
Open Source API Gateway Free to use The high-performance open source API gateway, free to use and trusted by thousands of teams.
Enterprise Edition
API Gateway Enterprise-Grade with SLAs Production-grade gateway with security, governance, and 24/7 support backed by SLAs.
AI Gateway Same Gateway, Now for AI LLM routing, prompt guardrails, token budgets, and a built-in MCP server, all from one gateway.
We began by creating a model with the community version to assess its capabilities. Once we confirmed that this tool met our needs, we opted for an enterprise license. Simply to benefit from tools that facilitate integration into our model and address specific requirements of our architecture in terms of security, data transformation, and authentication management.
Nicolas Gabetty
Senior Engineer, Coop Atlantique
Compare Open Source VS Enterprise
Contact Sales Watch a demo
Solutions
E-Government
For Governments & Public Sector
Modernize citizen services with fully on-prem, air-gapped APIs, without compromising data sovereignty.
Open Banking
For Banks & Financial Institutions
Expose open banking APIs with strict governance, predictable performance, and zero loss of control.
E-Commerce
For Digital Commerce Platforms
Increase conversions and scale traffic safely with low-latency APIs built for revenue-critical workloads.
We began by creating a model with the community version to assess its capabilities. Once we confirmed that this tool met our needs, we opted for an enterprise license. Simply to benefit from tools that facilitate integration into our model and address specific requirements of our architecture in terms of security, data transformation, and authentication management.
Nicolas Gabetty
Senior Engineer, Coop Atlantique
More industries and real-world examples: Case studies
Contact Sales Watch a demo
Resources
Knowledge Hub
Training & Certification
Documentation
Support
Security Advisories
Developer Tools
Designer
Community Playground
Enterprise Playground
Company
About us
Blog
Flexibility, performance and robustness are defining KrakenD just to name a few, we were able to quickly and easily build a robust gateway for our systems and we keep enjoying it everyday.
Samy Lastmann
CTO, Smart Tribune
Compare Open Source VS Enterprise
Contact Sales Watch a demo
Partners
Docs

Partners
Docs
Compare Open Source VS Enterprise
Contact Sales
Downloads
KrakenD allowed us to focus on our backend and deploy a secure and performant system in a few days. After more than 2 years of use in production and 0 crash or malfunction, it also has proven its robustness
Jonathan Muller
CTO / Openroom Inc.

CVE-2026-33186 High · CVSS 7.5 False Positive

grpc: Authorization Bypass via Custom Interceptors or Per-RPC Plugins

This CVE does not affect KrakenD

KrakenD’s gRPC server feature does not use custom interceptors, per-RPC authorization, or the other advanced gRPC server capabilities required to trigger this vulnerability. The affected code paths in the gRPC library are never reached during normal KrakenD operation. The dependency was upgraded as a precaution.

Addressed through routine dependency maintenance in CE 2.13.3 and EE 2.13.1.

Component

gRPC

Disclosed

Mar 19, 2026

CVSS Score

7.5

Description

A vulnerability was identified in the gRPC library. Despite its critical CVSS categorisation, the specific attack vectors require the use of custom interceptors, authorization plugins, or other advanced gRPC server configuration that KrakenD does not employ. See the Tenable CVE record for full technical disclosure.

References

View CVE-2026-33186 on Tenable

Stay up to date with KrakenD releases and important updates