News KrakenD CE 2.13.7 and EE 2.13.5 update released

Products
Community Edition
Open Source API Gateway Free to use The high-performance open source API gateway, free to use and trusted by thousands of teams.
Enterprise Edition
API Gateway Enterprise-Grade with SLAs Production-grade gateway with security, governance, and 24/7 support backed by SLAs.
AI Gateway Same Gateway, Now for AI LLM routing, prompt guardrails, token budgets, and a built-in MCP server, all from one gateway.
It seems that KrakenD does not exist because it hasn't caused any problems so far and is really fast, as promised.
Celso Zavatti
Head of Technology, Ahgora Sistemas
Compare Open Source VS Enterprise
Contact Sales Watch a demo
Solutions
E-Government
For Governments & Public Sector
Modernize citizen services with fully on-prem, air-gapped APIs, without compromising data sovereignty.
Open Banking
For Banks & Financial Institutions
Expose open banking APIs with strict governance, predictable performance, and zero loss of control.
E-Commerce
For Digital Commerce Platforms
Increase conversions and scale traffic safely with low-latency APIs built for revenue-critical workloads.
We began by creating a model with the community version to assess its capabilities. Once we confirmed that this tool met our needs, we opted for an enterprise license. Simply to benefit from tools that facilitate integration into our model and address specific requirements of our architecture in terms of security, data transformation, and authentication management.
Nicolas Gabetty
Senior Engineer, Coop Atlantique
More industries and real-world examples: Case studies
Contact Sales Watch a demo
Resources
Knowledge Hub
Training & Certification
Documentation
Support
Security Advisories
Developer Tools
Designer
Community Playground
Enterprise Playground
Company
About us
Blog
We have implemented KrakenD and I must say that I am very impressed how easy the installation and configuration process has been. The documentation is one of the best I have ever seen.
Märt Suga
Software Architect, Single.Earth
Compare Open Source VS Enterprise
Contact Sales Watch a demo
Partners
Docs

Partners
Docs
Compare Open Source VS Enterprise
Contact Sales
Downloads
I've chosen KrakenD because of its simplicity, statelessness, immutability, and performance.
Fabijan Bajo
Tech Lead Cloud Infrastructure / IBM

CVE-2026-42504 Medium Low Impact

mime: Denial of Service via Quadratic Complexity in MIME Header Decoding

Limited exploitability

Exploiting this CVE requires an uncommon setup or configuration. Upgrading is still recommended when possible.

The vulnerability can be triggered by sending HTTP requests with maliciously-crafted MIME-encoded headers (RFC 2047 encoded-words). Deployments that proxy multipart form data or forward headers containing MIME-encoded values are most exposed.

Component

Go standard library (mime)

Disclosed

Jun 3, 2026

Description

Go’s mime package WordDecoder.DecodeHeader function processes RFC 2047-encoded words in MIME headers. Decoding a maliciously-crafted MIME header containing many invalid encoded-words could consume excessive CPU, leading to denial of service. The MIME decoder was updated to better handle this case. KrakenD can receive such crafted headers from clients sending multipart requests or via backend HTTP responses, making this potentially exploitable in proxied deployments.

Version summary

Community Edition

2.13.7

addresses this CVE

Affected CE versions

>= 2.0, < 2.13.7

Enterprise Edition

2.13.5

addresses this CVE

Affected EE versions

>= 2.0, < 2.13.5

Upgrade to the addressed version or later to remediate this vulnerability.

References

View CVE-2026-42504 on Go Issue Tracker

Stay up to date with KrakenD releases and important updates