CVE-2026-29190
MEDIUM | aiven/karapace < 6.0.0 - Path Traversal via Backup Reader
Title source: llmDescription
Karapace is an open-source implementation of Kafka REST and Schema Registry. Prior to version 6.0.0, the backup reader (backup/backends/v3/backend.py) contains a Path Traversal vulnerability: if a malicious backup file is provided to Karapace, an attacker may exploit insufficient path validation to read arbitrary files on the system where Karapace is running. The issue affects deployments that use the backup/restore functionality and process backups from untrusted sources. The impact depends on the file system permissions of the Karapace process. This issue has been patched in version 6.0.0.
References (2)
Vendor Advisory (x_refsource_confirm): https://github.com/Aiven-Open/karapace/security/advisories/GHSA-rw4j-p3jg-4fxq
Release Notes (x_refsource_misc): https://github.com/Aiven-Open/karapace/releases/tag/6.0.0
Scores
CVSS v3: 4.1
EPSS: 0.0037
EPSS Percentile: 28.9%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-22
Status: published
Products (1): aiven/karapace < 6.0.0
Published: Mar 07, 2026
Tracked Since: Mar 07, 2026