VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-epk1-js2e-f3hm

Essentials
Severities (20)
References (10)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-epk1-js2e-f3hm
Aliases	CVE-2026-33557 GHSA-28jg-cgg7-j4wc
Summary
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-1285	Improper Validation of Specified Index, Position, or Offset in Input
CWE-303	Incorrect Implementation of Authentication Algorithm

System	Score	Found at
cvssv3	8.6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33557.json
epss	0.00043	https://api.first.org/data/v1/epss?cve=CVE-2026-33557
epss	0.00125	https://api.first.org/data/v1/epss?cve=CVE-2026-33557
epss	0.002	https://api.first.org/data/v1/epss?cve=CVE-2026-33557
epss	0.002	https://api.first.org/data/v1/epss?cve=CVE-2026-33557
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-28jg-cgg7-j4wc
cvssv3.1	9.1	https://github.com/apache/kafka
generic_textual	CRITICAL	https://github.com/apache/kafka
cvssv3.1	9.1	https://github.com/apache/kafka/commit/01d8e7db8d08dbd538892b409457ea6bfcc2a422
generic_textual	CRITICAL	https://github.com/apache/kafka/commit/01d8e7db8d08dbd538892b409457ea6bfcc2a422
cvssv3.1	9.1	https://kafka.apache.org/cve-list
generic_textual	CRITICAL	https://kafka.apache.org/cve-list
ssvc	Track	https://kafka.apache.org/cve-list
cvssv3.1	9.1	https://lists.apache.org/thread/v57o00hm6yszdpdnvqx2ss4561yh953h
generic_textual	CRITICAL	https://lists.apache.org/thread/v57o00hm6yszdpdnvqx2ss4561yh953h
ssvc	Track	https://lists.apache.org/thread/v57o00hm6yszdpdnvqx2ss4561yh953h
cvssv3.1	9.1	https://nvd.nist.gov/vuln/detail/CVE-2026-33557
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2026-33557
cvssv3.1	9.1	http://www.openwall.com/lists/oss-security/2026/04/17/2
generic_textual	CRITICAL	http://www.openwall.com/lists/oss-security/2026/04/17/2

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33557.json
		https://api.first.org/data/v1/epss?cve=CVE-2026-33557
		https://github.com/apache/kafka
		https://github.com/apache/kafka/commit/01d8e7db8d08dbd538892b409457ea6bfcc2a422
		https://kafka.apache.org/cve-list
		https://nvd.nist.gov/vuln/detail/CVE-2026-33557
		http://www.openwall.com/lists/oss-security/2026/04/17/2
2459739		https://bugzilla.redhat.com/show_bug.cgi?id=2459739
GHSA-28jg-cgg7-j4wc		https://github.com/advisories/GHSA-28jg-cgg7-j4wc
v57o00hm6yszdpdnvqx2ss4561yh953h		https://lists.apache.org/thread/v57o00hm6yszdpdnvqx2ss4561yh953h

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33557.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/apache/kafka

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/apache/kafka/commit/01d8e7db8d08dbd538892b409457ea6bfcc2a422

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://kafka.apache.org/cve-list

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T14:29:31Z/ Found at https://kafka.apache.org/cve-list

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://lists.apache.org/thread/v57o00hm6yszdpdnvqx2ss4561yh953h

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T14:29:31Z/ Found at https://lists.apache.org/thread/v57o00hm6yszdpdnvqx2ss4561yh953h

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-33557

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at http://www.openwall.com/lists/oss-security/2026/04/17/2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.13199
EPSS Score	0.00043
Published At	April 21, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-22T03:41:35.420967+00:00	EPSS Importer	Import	https://epss.cyentia.com/epss_scores-current.csv.gz	38.4.0