Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-23529

CVE-2026-23529: Kafka Connect BigQuery SSRF Vulnerability

CVE-2026-23529 is an SSRF flaw in Kafka Connect BigQuery Connector that enables arbitrary file reads and server-side request forgery through malicious credential configurations. This post covers technical details, affected versions, impact, and mitigation strategies.

Published:

CVE-2026-23529 Overview

CVE-2026-23529 is a critical security vulnerability affecting the Aiven BigQuery Connector for Apache Kafka, an implementation of a sink connector used to transfer data from Apache Kafka to Google BigQuery. Prior to version 2.11.0, the connector contains an arbitrary file read vulnerability that can also be leveraged for Server-Side Request Forgery (SSRF) attacks.

The vulnerability stems from insufficient validation of externally-sourced credential configurations before they are processed by Google authentication libraries. The connector requires Google Cloud credential configurations for authentication to BigQuery services, and during connector configuration, users can supply credential JSON files. An attacker can exploit this weakness by providing a malicious credential configuration containing crafted credential_source.file paths or credential_source.url endpoints, enabling arbitrary file reads from the server or SSRF attacks against internal network resources.

Critical Impact

Attackers with low-privilege access can read arbitrary files from affected systems or perform SSRF attacks, potentially exposing sensitive credentials, configuration files, and internal services.

Affected Products

  • Aiven BigQuery Connector for Apache Kafka versions prior to 2.11.0
  • Kafka Connect deployments using vulnerable BigQuery Sink connector
  • Google Cloud environments utilizing the vulnerable connector for data ingestion

Discovery Timeline

  • January 16, 2026 - CVE-2026-23529 published to NVD
  • January 16, 2026 - Last updated in NVD database

Technical Details for CVE-2026-23529

Vulnerability Analysis

This vulnerability is classified under CWE-73 (External Control of File Name or Path), which occurs when an application allows external input to control file system paths without proper validation. In the context of the BigQuery Sink connector, the flaw manifests in how the service processes Google Cloud credential configurations.

The attack is network-accessible and requires only low-level privileges to exploit, though no user interaction is necessary. When exploited, the vulnerability can affect resources beyond the security scope of the vulnerable component, allowing attackers to read highly sensitive data from the compromised system.

The impact is primarily confidentiality-focused, as attackers can extract sensitive files such as configuration files, private keys, service account credentials, and other sensitive data stored on systems running the vulnerable connector.

Root Cause

The root cause lies in the connector's failure to validate externally-sourced credential configurations before passing them to Google authentication libraries. The connector accepts credential JSON files that may contain malicious credential_source.file or credential_source.url values, which are then processed by the underlying Google Cloud client libraries without sanitization.

This allows attackers to specify arbitrary file paths or URL endpoints that the connector will attempt to read during the authentication process, effectively turning the connector into a proxy for accessing local files or making arbitrary HTTP requests.

Attack Vector

The attack vector involves providing a malicious credential configuration file to the BigQuery Sink connector. An attacker with the ability to configure connectors can craft a credential JSON file containing:

  1. Arbitrary File Read: A credential_source.file path pointing to sensitive system files (e.g., /etc/passwd, /etc/shadow, application configuration files, private keys)
  2. SSRF Attack: A credential_source.url endpoint pointing to internal services, cloud metadata endpoints (e.g., http://169.254.169.254/), or other internal network resources

The security patch introduces proper validation through the addition of io.aiven.commons:google-utils and io.aiven.commons:system dependencies, which provide secure handling of credential configurations:

xml
         <groupId>com.wepay.kcbq</groupId>
         <artifactId>kcbq-parent</artifactId>
         <version>2.11.0-SNAPSHOT</version>
-        <relativePath>..</relativePath>
     </parent>
     <url>https://github.com/Aiven-Open/bigquery-connector-for-apache-kafka/</url>
     <artifactId>kcbq-connector</artifactId>
     <name>kafka-connect-bigquery</name>
     <organization>
-        <name>Aiven</name>
+        <name>Aiven, OY</name>
         <url>https://www.aiven.io</url>
     </organization>
     <properties>
         <main.dir>${project.parent.basedir}</main.dir>
     </properties>
 
     <dependencies>
+        <dependency>
+            <groupId>io.aiven.commons</groupId>
+            <artifactId>google-utils</artifactId>
+            <scope>compile</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>io.aiven.commons</groupId>
+            <artifactId>system</artifactId>
+            <scope>compile</scope>
+        </dependency>
+

Source: GitHub Commit Update

Detection Methods for CVE-2026-23529

Indicators of Compromise

  • Unusual file access patterns from Kafka Connect processes, particularly reads of sensitive system files like /etc/passwd, /etc/shadow, or credential files
  • Connector configuration changes that include suspicious credential_source.file paths containing path traversal sequences (../)
  • Outbound HTTP requests from Kafka Connect to internal IP ranges or cloud metadata endpoints (e.g., 169.254.169.254)
  • Authentication errors followed by successful reads of unexpected file paths in connector logs

Detection Strategies

  • Monitor Kafka Connect configuration changes for credential configurations containing credential_source.file or credential_source.url parameters
  • Implement file integrity monitoring on systems running Kafka Connect to detect unusual file access patterns
  • Deploy network monitoring to detect SSRF attempts targeting internal services or cloud metadata endpoints
  • Review Kafka Connect audit logs for connector configuration modifications by unauthorized users

Monitoring Recommendations

  • Enable verbose logging for Kafka Connect BigQuery Sink connector operations
  • Configure alerting for outbound connections from Kafka Connect to internal IP ranges or cloud metadata services
  • Implement access controls and audit logging for connector configuration changes
  • Monitor for authentication library errors that may indicate exploitation attempts

How to Mitigate CVE-2026-23529

Immediate Actions Required

  • Upgrade Aiven BigQuery Connector for Apache Kafka to version 2.11.0 or later immediately
  • Audit existing connector configurations for suspicious credential_source.file or credential_source.url values
  • Review access controls for who can create or modify Kafka Connect connector configurations
  • Inspect logs for evidence of exploitation attempts prior to patching

Patch Information

Aiven has released version 2.11.0 of the BigQuery Connector for Apache Kafka which addresses this vulnerability. The fix introduces proper validation of credential configurations through new security utility libraries (io.aiven.commons:google-utils and io.aiven.commons:system) that sanitize credential source paths and URLs before processing.

Upgrade instructions and release notes are available in the GitHub Release v2.11.0. Additional details can be found in the GitHub Security Advisory GHSA-3mg8-2g53-5gj4.

Workarounds

  • Restrict connector configuration privileges to trusted administrators only until the patch can be applied
  • Implement network segmentation to limit outbound connectivity from Kafka Connect instances
  • Deploy web application firewall (WAF) rules to block SSRF attempts targeting cloud metadata endpoints
  • Use service mesh or network policies to restrict Kafka Connect's ability to access sensitive internal services
bash
# Example: Upgrade BigQuery Connector using Maven
mvn dependency:purge-local-repository -DmanualInclude=com.wepay.kcbq:kcbq-connector
mvn dependency:resolve -DincludeArtifactIds=kcbq-connector -Dversion=2.11.0

# Verify installed version
mvn dependency:tree | grep kcbq-connector

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.