News KrakenD Partners with Digital Platform Solutions to Expand Reach in Pakistan

Products
Community Edition
Open Source API Gateway Free to use The high-performance open source API gateway, free to use and trusted by thousands of teams.
Enterprise Edition
API Gateway Enterprise-Grade with SLAs Production-grade gateway with security, governance, and 24/7 support backed by SLAs.
AI Gateway Same Gateway, Now for AI LLM routing, prompt guardrails, token budgets, and a built-in MCP server, all from one gateway.
It must be mentioned again how speedy KrakenD folks are to responding and how helpful it is. It feels like we're working with a team that works here in Paylocity
Dannie Walker
Senior Software Engineer, Paylocity
Compare Open Source VS Enterprise
Contact Sales Watch a demo
Solutions
E-Government
For Governments & Public Sector
Modernize citizen services with fully on-prem, air-gapped APIs, without compromising data sovereignty.
Open Banking
For Banks & Financial Institutions
Expose open banking APIs with strict governance, predictable performance, and zero loss of control.
E-Commerce
For Digital Commerce Platforms
Increase conversions and scale traffic safely with low-latency APIs built for revenue-critical workloads.
KrakenD played a vital role in our API transformation journey by protecting our business platforms boundary and exposing the business capabilities in a standard way to both internal and external audience.
Stefano Leopizzi
Enterprise Architecture, lastminute.com
More industries and real-world examples: Case studies
Contact Sales Watch a demo
Resources
Knowledge Hub
Training & Certification
Documentation
Support
Security Advisories
Developer Tools
Designer
Community Playground
Enterprise Playground
Company
About us
Blog
KrakenD played a vital role in our API transformation journey by protecting our business platforms boundary and exposing the business capabilities in a standard way to both internal and external audience.
Stefano Leopizzi
Enterprise Architecture, lastminute.com
Compare Open Source VS Enterprise
Contact Sales Watch a demo
Partners
Docs

Partners
Docs
Compare Open Source VS Enterprise
Contact Sales
Downloads
We have implemented KrakenD and I must say that I am very impressed how easy the installation and configuration process has been. The documentation is one of the best I have ever seen.
Märt Suga
Software Architect / Single.Earth

CVE-2026-34986 High · CVSS 7.5 False Positive

auth/validator: Go JOSE Panic via Empty Encrypted Key in JWE Key Wrapping

This CVE does not affect KrakenD

KrakenD’s auth/validator component does not implement JWE (JSON Web Encryption) support. The vulnerability exists in the JWE processing path of the underlying library, which KrakenD never invokes. The library was upgraded as a precaution.

Addressed through routine dependency maintenance in CE 2.13.4 and EE 2.13.2.

Component

auth/validator

Disclosed

Apr 8, 2026

CVSS Score

7.5

Description

Go JOSE panics when parsing a JWE object that specifies a key-wrapping algorithm but supplies an empty encrypted_key field. The cipher.KeyUnwrap() call attempts to allocate a slice with invalid length parameters, causing an unhandled exception and crashing the process. Affects go-jose v3.0.0–3.0.4 and v4.0.0–4.1.3.

View CVE-2026-34986 on NVD

Stay up to date with KrakenD releases and important updates