News KrakenD Partners with Digital Platform Solutions to Expand Reach in Pakistan

Products
Community Edition
Open Source API Gateway Free to use The high-performance open source API gateway, free to use and trusted by thousands of teams.
Enterprise Edition
API Gateway Enterprise-Grade with SLAs Production-grade gateway with security, governance, and 24/7 support backed by SLAs.
AI Gateway Same Gateway, Now for AI LLM routing, prompt guardrails, token budgets, and a built-in MCP server, all from one gateway.
It must be mentioned again how speedy KrakenD folks are to responding and how helpful it is. It feels like we're working with a team that works here in Paylocity
Dannie Walker
Senior Software Engineer, Paylocity
Compare Open Source VS Enterprise
Contact Sales Watch a demo
Solutions
E-Government
For Governments & Public Sector
Modernize citizen services with fully on-prem, air-gapped APIs, without compromising data sovereignty.
Open Banking
For Banks & Financial Institutions
Expose open banking APIs with strict governance, predictable performance, and zero loss of control.
E-Commerce
For Digital Commerce Platforms
Increase conversions and scale traffic safely with low-latency APIs built for revenue-critical workloads.
KrakenD played a vital role in our API transformation journey by protecting our business platforms boundary and exposing the business capabilities in a standard way to both internal and external audience.
Stefano Leopizzi
Enterprise Architecture, lastminute.com
More industries and real-world examples: Case studies
Contact Sales Watch a demo
Resources
Knowledge Hub
Training & Certification
Documentation
Support
Security Advisories
Developer Tools
Designer
Community Playground
Enterprise Playground
Company
About us
Blog
KrakenD played a vital role in our API transformation journey by protecting our business platforms boundary and exposing the business capabilities in a standard way to both internal and external audience.
Stefano Leopizzi
Enterprise Architecture, lastminute.com
Compare Open Source VS Enterprise
Contact Sales Watch a demo
Partners
Docs

Partners
Docs
Compare Open Source VS Enterprise
Contact Sales
Downloads
KrakenD played a vital role in our API transformation journey by protecting our business platforms boundary and exposing the business capabilities in a standard way to both internal and external audience.
Stefano Leopizzi
Enterprise Architecture / lastminute.com

CVE-2026-33814 High · CVSS 7.5 Low Impact

net/http: Infinite Loop in HTTP/2 Transport via Zero SETTINGS_MAX_FRAME_SIZE

Limited exploitability

Exploiting this CVE requires an uncommon setup or configuration. Upgrading is still recommended when possible.

Exploitation requires a malicious or compromised HTTP/2 backend server that sends an invalid SETTINGS_MAX_FRAME_SIZE=0 frame. KrakenD acts as an HTTP/2 client when backend connections use the HTTP/2 protocol. Deployments whose backends are accessible only over trusted internal networks are at lower risk.

Component

Go standard library (net/http)

Disclosed

May 11, 2026

CVSS Score

7.5

Description

Go’s HTTP/2 transport enters an infinite loop writing CONTINUATION frames when it receives a SETTINGS_MAX_FRAME_SIZE value of 0 from a server. A malicious or compromised HTTP/2 backend server can exploit this to hang the KrakenD request handler goroutine indefinitely, exhausting goroutine pool resources and causing denial of service.

Version summary

Community Edition

2.13.5

addresses this CVE

Affected CE versions

>= 2.0, < 2.13.5

Enterprise Edition

2.13.3

addresses this CVE

Affected EE versions

>= 2.0, < 2.13.3

Upgrade to the addressed version or later to remediate this vulnerability.

References

View CVE-2026-33814 on Go Issue Tracker

Stay up to date with KrakenD releases and important updates