CVE-2026-39820
Medium
False Positive
net/mail
formatted headers at runtime. The net/mail package is a transitive dependency
but its parsing functions are never invoked during KrakenD operation.
Addressed through routine dependency maintenance in CE 2.13.5 and EE 2.13.3.
Component
Go standard library (net/mail)
Disclosed
May 11, 2026
The net/mail package performs quadratic string concatenation inside the
consumeComment function when processing comment tokens within certain mail
header values. A crafted comment in an email header can cause excessive CPU
and memory consumption, leading to denial of service.
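The triage reasoning in this entry (net/mail is present as a dependency, but its parsing functions are never called) can be spot-checked per source file. The following is an added example, not KrakenD's or the Go project's code; the list of parsing functions, the `MailParseCalls` helper and the sample source are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
)

// Assumption: exported net/mail parsers; the advisory names only consumeComment.
var mailParsers = map[string]bool{"ParseAddress": true, "ParseAddressList": true, "ParseDate": true}

// MailParseCalls lists "line:pkg.Func" for each direct call into mailParsers.
func MailParseCalls(src string) ([]string, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	local := "" // name this file uses for net/mail; empty if not imported
	for _, imp := range f.Imports {
		if p, _ := strconv.Unquote(imp.Path.Value); p == "net/mail" {
			local = "mail"
			if imp.Name != nil {
				local = imp.Name.Name
			}
		}
	}
	var hits []string
	ast.Inspect(f, func(n ast.Node) bool {
		call, ok := n.(*ast.CallExpr)
		if !ok || local == "" {
			return true
		}
		if sel, ok := call.Fun.(*ast.SelectorExpr); ok && mailParsers[sel.Sel.Name] {
			if id, ok := sel.X.(*ast.Ident); ok && id.Name == local {
				hits = append(hits, fmt.Sprintf("%d:%s.%s", fset.Position(call.Pos()).Line, local, sel.Sel.Name))
			}
		}
		return true
	})
	return hits, nil
}

// Constructed sample: imports net/mail under an alias and calls a parser once.
const sampleSrc = "package p\nimport m \"net/mail\"\nfunc f(s string) { m.ParseAddress(s) }\n"

func main() { fmt.Println(MailParseCalls(sampleSrc)) }
```

This syntactic check misses method calls and indirect use; `govulncheck` performs call-graph reachability analysis across the whole module.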