πŸ” CVE Alert

CVE-2026-24308

MEDIUM 6.5

Apache ZooKeeper: Sensitive information disclosure in client configuration handling

CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th

Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information stored in client configuration in the client's logfile. Configuration values are exposed at INFO level logging rendering potential production systems affected by the issue.Β Users are recommended to upgrade to version 3.8.6 or 3.9.5 which fixes this issue.

CWE CWE-532
Vendor apache software foundation
Product apache zookeeper
Published Mar 7, 2026
Last Updated Mar 10, 2026
Stay Ahead of the Next One

Get instant alerts for apache software foundation apache zookeeper

Be the first to know when new medium vulnerabilities affecting apache software foundation apache zookeeper are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

Apache Software Foundation / Apache ZooKeeper
3.9.0 ≀ 3.9.4 3.8.0 ≀ 3.8.5

References

NVD β†— CVE.org β†— EPSS Data β†—
lists.apache.org: https://lists.apache.org/thread/qng3rtzv2pqkmko4rhv85jfplkyrgqdr openwall.com: http://www.openwall.com/lists/oss-security/2026/03/07/5

Credits

πŸ” Youlong Chen <[email protected]>