CVE-2026-3206

KrakenD <2.13.1/EE <2.13.0 - Memory Corruption

Title source: llm

Description

Improper Resource Shutdown or Release vulnerability in KrakenD, SLU KrakenD-CE (CircuitBreaker modules), KrakenD, SLU KrakenD-EE (CircuitBreaker modules). This issue affects KrakenD-CE: before 2.13.1; KrakenD-EE: before 2.12.5.

References (3)

[Various Sources] https://www.krakend.io/blog/krakend-2.13.1-release-notes/

[Various Sources] https://www.krakend.io/blog/krakend-ee-2.13-release-notes/

[Various Sources] https://www.krakend.io/blog/krakend-ee-2.12.5-release-notes/

Scores

EPSS 0.0005

EPSS Percentile 14.1%

Classification

CWE

CWE-404

Status draft

Timeline

Published Feb 25, 2026

Tracked Since Feb 25, 2026