Flexibility, performance and robustness are defining KrakenD just to name a few, we were able to quickly and easily build a robust gateway for our systems and we keep enjoying it everyday.
Samy Lastmann
CTO /
Smart Tribune
CVE-2026-33186High
· CVSS 7.5
False Positive
grpc: Authorization Bypass via Custom Interceptors or Per-RPC Plugins
This CVE does not affect KrakenD
KrakenD’s gRPC server feature does not use custom interceptors, per-RPC authorization,
or the other advanced gRPC server capabilities required to trigger this vulnerability.
The affected code paths in the gRPC library are never reached during normal KrakenD
operation. The dependency was upgraded as a precaution.
Addressed through routine dependency maintenance in CE 2.13.3 and EE 2.13.1.
Component
gRPC
Disclosed
Mar 19, 2026
CVSS Score
7.5
Description
A vulnerability was identified in the gRPC library. Despite its critical CVSS
categorisation, the specific attack vectors require the use of custom interceptors,
authorization plugins, or other advanced gRPC server configuration that KrakenD does
not employ. See the Tenable CVE record for full technical disclosure.